

Lab Topology 

Cisco Service Provider SDN Routing in Action Sandbox v4 















• NSO in “Big Picture” 

• NSO Architecture 

• NSO YANG 101 

• NSO Installation 

• NSO Device Manager 

• NSO Service Manager 

• Service Model Look Like 

• NSO XML 101 

• NSO Service Creation 
. NSO REST API 






Transformation to SD Transport Network 


• Build in 5G and Video Transport capabilities into 
existing IP Transport Network 

• Segment Routing 

• Network Slicing 

• EVPN L2&L3 Service 

• Evolve traditional service core to virtual (or hybrid) 
centralized Video HE/OTT to dist Video HE/OTT 

• CUPS / Distributed Video HE / OTT / CDN 

• Distributed Functions 

• Edge Compute 


Transport Transformation 
Service Transformation 


SDN Automation 


Automate and Orchestrate 

• NSO Orchestrator 

• WAE Analytic (WAN Automation Engine) 

• SDN Controller SR PCE 

• Telemetry 


• SD DC / Telco DC Transformation 

• Spine - Leaf Architecture 

• Cloud Native Service 

• Virtualization Service 





User Plane 
Dist Video HE 
OTT CDN 


Access SD DC 


IP Edge 
and Core 


Packet C6re 
Video HE 
CiTT CDN 


Aggregation 
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Simplify — Virtualize - Automate - Network Slicing 
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IP MPLS Evolution to Segment Routing + SDN Automation 


IP MPLS 


SR + SDN Automation 

■ 

Benefit 


Applications 


L3VPN Services 
L2VPN Services 

Multi-IGP 

FRR&TE 

Single IGP 



SDN 

AUTOMATION 


Applications 



EPNM 

APIs NMS 


SDN 


• End to End Visibility & Analysis 

• Simulation & Prediction 

• Network Service Optimization 

• Oust SLA On-Demand Automation 


\ 


APIs 


L3VPN Services 
L2VPN Services 

FRR&TE 


Single IGP 


BGP 


IGP with SR 
Auto Protection 
Load Balance 
SR-ODN 
Dynamic TEPath 


> 50% Simplification Protocol 

• Simplied SLA Path with SR-ODN 

• Automated sub-50ms Protection 

• Automated Microloop Avoidance 

• Automated Load Balance 

• Automated Traffic Eng & Steered 
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SDN Automation in Network Lifecycle 


EPNM 




WAE 




Evolved Programmable 
Network Manager 


WAN Automation 
Engine 


Detect 

Correlate 

Isolate 


a 

I 

• Q 





Dynamic Inventory 


Optimize 


M 1111)11 Ik 


BW & Topology 
Optimization 



’’Operate” service, 
network & device 
resources as the single 
point of truth for all 
operations 


Traffic planning, 
design & 

optimization within 
the network 
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NMS 

ASSURANCE 


ANALYTIC 

SIMULATION 


SR PCE 


NSO 


XR Transport 
Controller 

Path 

Computatior^fO 

Element 



Model Driven 
Orchestration 


Network Service 
Orchestrator 


Deploy 



Model Driven 
Orchestration 



Real Time Path 
Compute and 
Topology 


Implement Agile Service 
Orchestration for Across 
WAN, DC, NFVI 


SDN SR PATH 
COMPUTATION 


ORCHESTRATOR 

































Integration Framework 


OSS/BSS 


api H 

Network 

Service 

NSO 

k Orchestrator 

L._ 

NEDs 


REST/ 

Netconf 



NMS/EMS 

FCAPS 


I 



SNMP 

Traps 


Apps 




API 



WAE 

Analytic 
Simulation 
Planning j 



Path 
Computation 
Enaine 



























SD Transport Network Architecture Journey 


NSO : Network Service Orchestrator 


Apps 


Applications 


APIs 


SD 

IP Network 


SDN Automation 


1 


APIs 


Netconf/YgTg 


Service: 

BGP/EVPN 


OSPF / ISIS 
Segment Routing 


End-to-End Service Orchestration 

' \ 

\ 

/ End-to-End Path optimization w ithSLAs 

\ 

\ 

\ NMS EPNM : EPN Manager 

\ 


WAE : WAN Automation Engine 


SR PCE 


/ X 

/ X 

/ S 

/ y 

/ ^'PCEP 

/ ✓ 

/ / 


/ ' 


BGP-L6 

/ 

/ 

/ 

/ 

/ 

/ 


^GP-LS '' 

\ ' \ 

\ NS 

' N \ 

\ S N 

\ PCBP s Netconf/Yang 

\ S \ 

\ S v N 
\ V \ 



Services BGP L3VPN L2VPN EVP X N 


Segment Routing + Tl LFA 


Access 

Node 


OSPF Area 0 


Node 


CORE FABRIC (SR 


OSPF area 0 



Pee’r'ing'Spine 
Node 


OSPF Area 0 


, „ A11 u ^ ^ t . Multidomain IGP - Seamless IP MPLS - Unified MPLS 
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SDN Automation Framework 





v 


v 


SR PCE 


WAE 



DC SDN Controller 

VNF Manager 

(APIC) 

(ESC) ~ | 



Internet 


Metro E 


Cloud 

Partner 


Core 


Metro 


Aggregation 


Access 


VESA 


vFW 


VESA 


Data Centers 


— 

























































Automation and Orchestration 


Automation - the use of control systems to reduce human 
effort, especially of single, repetitive tasks 




Orchestration - the use of control 
systems that direct other diverse 
systems in the execution of a 
workflow or multi-step process 












Departmental Pain Points 


Network Engineer 

Ops and Provisioning Team 

Service Developers 

“Automation” 

“Customer Experience” 

“Time-to-Market” 

Day-to-day management 

Provisions services and 

Develops new network 

of rapidly growing, 

manages service quality 

services on demand 

complex networks 

in networks 

Challenge 

Challenges 

Challenge 

• Implementation time 

• Error-prone manual tasks 

• No service insight 

• Cost of change 

• Growing backlog 

• Lack of automation 

• Lack of tooling 

• Virtualization is coming 

• Quality issues in service delivery 



■ 111 • 111 • 
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Transition Towards Automation 


Network Engineer 

“Automation” 

Ops and Provisioning Team 

“Customer Experience” 

Day-to-day management 

Provisions services and 

of rapidly growing, 

manages service quality 

complex networks 

in networks 

Challenge 

Challenge 

• Device configuration tasks 

• No service insight 

• Growing backlog 

• Lack of automation 

• Virtualization is coming 

• Quality issues in service delivery 


Network API 

Utilize a single interface to all network 
devices 


Service Abstraction 

Leverage one central API for all services 


Service Developers 

“Time-to-Market” 


Develops new 
network services 

Challenge 

• Implementation time 

• Cost of change 

• Lack of tooling 

Transformation 

Develop your own services 

Stage 3 


. 111.111. 
CISCO 


Stage 1 


Stage 2 
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Automation Maturity Model 


NSO: Python API Python Templates 


Ad-hoc / 
Scripting 



Engineer run 
one-off scripts 
and tools 


Re-useable 

Frameworks 



Centrally managed 
frameworks & templates 
for faster development 


• rg'n ii ■ i 

CISCO 


Service Models 


Orchestration 



Automated configuration lifecycle. 
Creation, Modification and Removal 
automated in one place 
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Model-Driven Configuration and Telemetry 


Apps 


Appl 


App2 



APIs 



Protocol 


NETCONF 


RESTCONF 


gRPC 


Encoding 


M 




XML 




JSON 

gRPC 


Transport 


NETCONF 


HTTP 


Models 


YANG Models (native, open) 


Model-Driven 

Configuration 


y 



Model-Driven 

Telemetry 


■ 111 • 111 • 
CISCO 
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Cisco NSO : Single Network CLI + WebGUI + API for Network Service 


NSO 
NED CLI 


f > 

Application 

s_ * 


SP 

Operator 


SP 

Engineer 


End-to-End 

Service 

Day1/Day2 

Orchestration 


NETCONF API 
REST API 
RESTCONF API 
SNMP 



• 111 • 111 
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WebGUI 
http / https 


Network CLI 
telnet / ssh 


I 


NSO 


£ 


♦ 

i 


Service Abstraction 


Mapping 


Network Abstraction 


Service YANG 
Models 


Device YANG 
Models 


NSO 
NED CLI 


I 

I 

I 


NSO 

NED Netconf 


t 

l 

l 

l 



Cisco Router 



^ ft 1 


h 

CE-DC 


Juniper Router 


CRUD Service 

- Create 

- Read 


- Update 

Itsco and/or its affiliates. All rights reserved. Cisco Confidential 

- Deletion 































































Cisco Network Service Orchestrator Architecture 


Applications 


Engineers 


REST, NETCONF, Java, Python, Erlang, CLI, Web Ul 


NETCONF, REST, SNMP, CLI, etc 



End-to-End 

Transactions 

Day1/Day2 

Configurations 



VNFM 

Controller Apps 
EMS and NMS 


Network Apps 


CRUD Service 

- Create 

- Read 

- Update 

- Deletion 


• Logically centralized network 
services; 

• Data models for data structures 

• Structured representations of: 

• Service instances; 

• Network configuration and 
state; 

• Mapping service operations to 
network configuration changes; 

• Transactional integrity; 

• Multi-protocol; 

• Multi-vendor; 
















































NSO build Decoupled Service 


• Services defined in YANG. No 
Hardcoded Services. 

• Services are Customer’s Intellectual 
Property 

• Loosely coupled, precise “Mapping” 
from Service Yang -> Device[s] 
Yang 




▼ & Services 

I—I /ncs:services/sr-odn-pce:sr-odn-pce 
D /ncs:services/sr:sr 
D /ncs:services/ldp:ldp 
Q /ncs:services/l3vpnv4v6:l3vpnv4v6 
D /ncs:services/l2ptp:l2ptp 
D /ncs:services/ipsla:ipsla 
Q /ncs:services/iotvpnv4v6:iotvpnv4v6 
D /ncs:services/inet-ptc:inet-ptc 
Q /ncs:services/bgpv4v6:bgpv4v6 
D /ncs:services/bgplabel:bgplabel 





Tail-f NSO: Services Orchestration Platform 
Network Abstraction - YANG Data Models 


VNF-M 


SDNc 


Domain 

Controller 


EMS 


NMS 


Metro and Access 


WAN 


Data Centre 






















NSO build Network Data Model 


Precise data-model for the entire 
network. YANG based device¬ 
models. 

Automatic CRUDs on network 
elements via NEDs - normalised 
south-bound interfacing 

Generic way of consuming the 
network irrespective of technology 
vendor, platform, device. 


Yang Data Model 


Network becomes YANG 


Tail-f NSO: Service Centric Platform 



Network Abstraction - YANG Data Models 


VNF-M 


SDNc 


Domain 

Controller 


EMS 


NMS 


Metro and Access 


WAN 


Data Centre 























CRUD Service : Create Read Update Deletion 
Traditional Workflow Driven vs NSO Model Driven 


Minimal 

required 

"workflows" 


At Insertion of 
new Device, 
Platform, 
Technology 



Minimal 

required 

"models" 


At Insertion of 
new Device, 
Platform, 
Technology 
















Before Model Driven Service 


Workflow-based service-to-network mapping 


Service Model 


Service instance 
creation 


One mapping per 
operation 


'Ll Snippets with 
variables from 
Service Model 


_!_ 1 

Vendor-specific CLI 
commands, manually 
applied or template with 
whole device config. 
automatically applied 


1 


Device 

Configuration 


Hard-coded 
CLI snippets 


Model-to-model service-to-network mapping 


Service Model 


Model to Model 
mapping: 
Stateful rendering 
of orchestration 
sequence 


Service instance 
creation 


One mapping for 
all operations 




Device Model 


NETCONF or vendor- 
specific CLI commands, 
only config. differences 
automatically applied 


Device 

Configuration 


r 































NSO Model Driven Service Orchestration 


Service Model 


•VPN" 



Formally defined (in a 
computer-readable 
modeling language) 
description of a 
customer and/or 
resource-facing service 


Device Models 

"Juniper, Cisco" 



Formally defined (in a 
computer-readable 
modeling language) 
description of device 
configuration 
parameters 


Instances of 
Service Model(s) 


Service 

Model 



"Ford VPN' 


VV "Volvo VPN" 

lx 




Instances 


Run-time representations 
of instantiated services in 
the orchestrator. 


Design 


Operations 
























NED (1/6) 


Vendor 

Device/Platform 

A10 Networks 

AX Series 

Thunder Series 

Adtran 

Total Access 900 Series 

Total Access 5000 Series 

Adva 

Carrier Ethernet FSP 150CC Series 

Affirmed Networks 

Acuitas Service ManagSment System 

Alcatel-Lucent 

7210 Service Access Switch 

7450 Ethernet Service Switch 

7705 Service Aggregation Router 

7750 Service Router 

7950 Extensible Routing System 


Arista 7048 Series 

7050 Series 
7150 Series 
vEOS 

Brocade Netlron CES 2000 Series 

Netlron MLXe Series 
Netlron XMR Series 
Serverlron ADX Series 


Vendor 

Device/Platform 

Ciena 

3000 Family 


5000 Family 


ESM 


Cisco Application Policy Infrastructure Controller Data Centre 

(APIC-DC) 


ASA 

ASA 1000V Cloud Firewall 

ASA 5500-X Series Next-Generation Firewalls 

Adaptive Security Virtual Appliance 


IOS 

800 Series Routers 

1800 Series Integrated Services Routers 
1900 Series Integrated Services Routers 
2500 Series Routers 
2600 Series Multiservice Platforms 
2800 Series Integrated Services Routers 
2900 Series Integrated Services Routers 
3800 Series Integrated Services Routers 









NED (2/6) 


Vendor 

Device/Platform 

Cisco 

IOS/IOSXE 

3900 Series Integrated Services Routers 

7200 Series Routers 

7600 Series Routers 

Catalyst 2900 Series Switches 

Catalyst 2960 Series Switches 

Catalyst 2960-X Series Switches 

Catalyst 3550 Series Intelligent Ethernet Switches 

Catalyst 3750 Metro Series Switches 

Catalyst 3850 Series Switches 

Catalyst 4500 Series Switches 

Catalyst 4500E Series 

• Supervisor Engine 7-E 

• Supervisor Engine 8-E 

Catalyst 4500-X Series Aggregation Switch 

Catalyst 4900 Series Switches 

Catalyst 6500 Series 

• 10 Gigabit Ethernet Modules 

• Mixed Media Gigabit Ethernet Modules 

• Supervisor Engine 2T 

• Switches 

Catalyst 6500-E Series Chassis 


Vendor 


Device/Platform 


Cisco 


Catalyst 6900 Series Ethernet Interface Module 
Cloud Services Router 1000V Series 
ME 3400 Series Ethernet Access Switches 
ME 3600X Series Ethernet Access Switches 
ME 3800X Series Carrier Ethernet Switch Routers 
ME 4900 Series Ethernet Switches 
uBRIOOOO Series Universal Broadband Routers 

ASR 900 Series Aggregation Services Routers 
ASR 1000 Series Aggregation Services Routers 
cBR Series Converged Broadband Routers 
Cloud Services Router 1000V Series 
RF Gateway Series 

IOS XR 

12000 Series Routers 
ASR 9000 Series 
Carrier Routing System 
IOS XRv Router 










NED (3/6) 


Vendor 

Device/Platform 

Cisco 

NX OS 

Nexus lOOOv Series Switches 

Nexus 3000 Series Switches 

Nexus 5000 Series Switches 

Nexus 6000 Series Switches 

Nexus 7000 Series Switches 

Nexus 9000 Series Switches 

Nexus 9300 Platform Switches 


Policy Suite (CPS/QPS) 


StarOS 

ASR 5000 Series 

Quantum Virtualised Packet Core {QvPC-SI/-DI) 


Web Security Appliance (WSA) 

Citrix 

Netscaler lOOOv 


Vendor 


Device/Platform 


F5 Networks 


Fortinet 


BIG-IP 1600 
BIG-IP 3600 
BIG-IP 3900 
BIG-IP 6400 
BIG-IP 8900 
BIG-IP Virtual Edition 
Viprion Chassis 


FortiGate 200 Series 
FortiGate 500-300 Series 
FortiGate 800-600 Series 
FortiGate 1000 Series 
FortiGate 3000 Series 
FortiGate Virtual Appliances 






NED (4/6) 


Vendor 

Device/Platform 

Huawei 

ATN Series 

NetEngine40E Series Universal Service Router 
NetEngineSOOOE Cluster Router 

Quidway S3300 Series Switches 


Juniper EX Series Ethernet Switches 

Firefly Perimeter (Virtual SRX) 

M Series Multiservice Edge Routers 
MX Series 3D Universal Edge Routers 
QFX Series 

SRX Series Services Gateways 


Vendor 


Device/Platform 


Overture 

1400 

2200 

5000 

5100 

6000 

Palo Alto 
Networks 

PA-2000 Series 

PA-3000 Series 

PA-5000 Series 

Virtualised Firewalls 

Procera 

Networks 

PacketLogic 9000 Platform 


Quagga 


Guagga Routing Software Suite (BGP module) 






NED (5/6) 


Vendor 

Device/Platform 

F5 Networks 

BIG-IQ 


H3C 


S5800 series 


Infinera 


DTN-X Multi-Terabit Packet Optical Network 
Platform 


Juniper Contrail Controller 


MRV 

Communications 


Master-OS 

OptiSwitch 9000 series 


NEC 
Netf liter 
Nominum 


iPASOLINK family 
Iptables (Linux) 
DCS 


OneAccess 


OneOS for Routers 
One540 


Open vSwitch OVSDB (shell) 


Vendor 


Device/Platform 


OpenDaylight 

Controller 

Lithium 

Openstack 

Cloud Operating System 

Identity (Keystone) 

Networking Service (Neutron) 

Image Service (Glace) 

Compute (Nova) 

Pulsecom 

SuperG 

Riverbed 

Steelhead Series 

Silver Peak 

VXOA Virtual Appliance 

Sonus 

SBC 5000 Series 

Telco Systems 

BiNOX 

T-Marc Family 

VMware 

vSphere 

ZenOSS 

Service Dynamics 

ZTE 

xPON OLT 




































NED (6/6) 


Vendor 

Device/Platform 

Accedian 

Networks 

High Performance Service Assurance MetroNID 

Alcatel-Lucent 

5620 Service Aware Manager 

Allied Telesis 

x210^Series 

Amazon 

Amazon Web Services 

Avaya 

ERS 4000 Series 

SR 8000 Series 

VSP 9000 Series 

Brocade 

Vyatta 5400 vRouter (Vyatta VSE) 

CableLabs 

Converged Cable Access Platform 


Vendor 


Device/Platform 


Cisco 

ME-1200 

ME-4600 

Meraki 

NCS2k (CTC) 

Prime Network Registrar (PNR) 

UCS Manager 

Clavister 

cOS Core 

Eagle Series 

Coriant 

8600 Smart Router Series 

Datacom 

DM2100-EDD Family 

DM4000 Family 

Dell ForcelO 

Networking S-Series 

Ericsson 

EFN324 Series 

SE family 






Why is the "S" in NSO so useful ? And What does it stand for ? 
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YANG 101 












What is YANG ? 


It is not the opposite of 
Yin 




Stands for: 

Yet 

Another 

Next 

Generation 

(Data Modeling Language) 


YANG is a data modeling 
language used to model 
configuration and state 
data manipulated by the 
Network Configuration 
Protocol (NETCONF) 




YANG type and a way to think about it 


• Container 

• Groups things together 

• List 

• A collection of containers 

• Leaf 

• A end no& of data 

• Leaf-List 

• A list of single items 






YANG Model Statements and Hierarchy 

Container J 

Container 
Leaf-List 


Container 

List 

Leaf 


Container 


Leaf 


Leaf 


Leaf-Ref 


Leaf 


Leaf: single value of a defined type 

Leaf-list: multiple values of the same type 

List: multiple records containing at least one 
leaf (key) and an arbitrary hierarchy of other 
statements 


Container 


Leaf 


Leaf 


Leaf-Ref 


■ Container: groups other statements; has no 
value 


Leaf 


Container Leaf 


Leaf Leaf-Ref 


Leafref: is a reference to another leaf 


CISCO 
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Modeling a Football Team in YANG 


Team should have a name. 
Has multiple players. 

Players have names. 

They have specific positions. 
They have an age. 


Yang 


Container FootballTeam { 
Leaf TeamName {type string;} 
List Player { 

Leaf Play erName {type string;} 
Leaf Position {type string;} 

Leaf Age {typeuint8;} 

} 


} 


Modeling a Cisco IOS Commands in YANG 


radius server <AAAServer> 

container radius { 
list server { 
leaf id {type string;} 
container address { 

address ipv4 <IP Address> auth-port 1812 acct-port 1813 

container ipv4 { 

key 7 <Encrypted Key> 

leaf host {type string;} 
leaf auth-port {typeuintl6;} 
leaf acct-port {typeuintld;} 

ft 

container key { 

leaf encryption {type enumeration;} 
leaf key {type string;} } } } } } 


Modeling a Cisco IOS Commands in YANG 


ip access-list standard <NAME> 
permit <IP address 1> 
permit <IP address 2> 
ip access-list extended <Name> 
permit <rule> 
deny <rule> 


Container ip 
container access-list { 
container standard 
list std-named-acl { 
leaf name {type std-acl-type;} 
list std-access-list-rule { 
leaf rule {type string;} } } } 
container extended { 
list ext-named-acl { 
leaf name {type string;} 
list ext-access-list-rule { 
leaf rule {type string;} } } } 




































Examples of YANG 

container access { 

description "Set access mode characteristics of the interface"; 
leaf vlan { 

description "VLAN ID of the VLAN when this port is in access mode" 
type uintl6 { 
range "1..4094"; 

> 

> 

} 

container voice { 

description "Voice appliance attributes"; 
leaf vlan { 

description "Vlan for voice traffic"; 
type uintl6 { 
range "1..4094"; 

} 

> 


> 


//ip access-list resequence 
container resequence { 
description 

"Resequence Access List"; 
leaf numbers { 
type union { 

type ios-types:std-acl-type 
type ios-types:ext-acl-type 

> 

} 

leaf start-seq-no { 
type uint64 { 

range "1..2147483647"; 

} 

} 

leaf step-seq-no { 
type uint64 { 

range "1..2147483647"; 

> 


YANG in the context of Netconf 


Mgmt info 
(definition) 


YANG modules 



Mgmt info 
(payload) 

1 

XML-encoded content 

Mgmt 

Services 

Netconf operations 
<edit-config>, <get-config>, <get> 



Remote 

Operations 


Netconf RPC 
<rpc>, <rpc-reply> 



Transport 


TLS, SSH 


























Yang Service Model Definition 


module myVpnService { 

namespace "http://com/example/myVpnService"; 

prefix myVpnService; 

import ietf-inet-types { 
prefix inet; 

} 

import tailf-ncs { 
prefix ncs; 

} 

import tailf-ned-cisco-ios { ^ 

prefix ios; 

import tailf-ned-cisco-ios-xr { 
prefix iosxr; 

augment /ncs:services { 
list myVpnService { 
key name; 

uses ncs:service-data; 
ncs: se rvicepoint^wyVpffService''; 
leaf name { 
type string; 

> 

leaf ip-address-a { 

type inet:ipv4-address; 



IETF data type 



Loopback 1.1.1.1 
Int 1/1 



DEVICE A 


Loopback 2.2.2.2 



DEVICE B 


BRKSPG-2210 
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Yang Service Model Definition 


Lear lp-aoaress-a ■ 

type inet:ipv4-address; 
mandatory true; 

} 

leaf ip-address-b { 

type inet:ipv4-address; — 
mandatory true; 

} 

leaf device-name-a { . . . 

type leafref { 

path "/ncs:devices/ncs:device/ncs:name"; 

} 

mandatory true; 

} 

leaf if-name-a { 

type leafref { 

path "deref(../device-name-a)/../ncs:config/ios:interface/ios:GigabitEthernet/ii 

} 

mandatory true; 

} 

leaf device-name-b { 

type leafref { 

path "/ncs:devices/ncs:device/ncs:name"; 

} 

mandatory true; 


j 

mandatory true; 

leaf device-name-b { 

type leafref { 

path "/ncs:devices/ncs: device/ncs: name"; 

} m 

mandatory true; ^ 

} - 

leaf if-name-b { 

type 

path "deref (. ./device-name-b)/. ./ncs: config/ios: intejjM^|^^S|II^^Wnernet/ios: 

mandato ry t rue; ..... , • - • 

} -- 

leaf circuit-id {| 
type int32 { 

range "1..4094"; 

} 

mandatory true; 

} 

} 


Loopbacks 


Devices 


Interfaces 


Circuit ID 


Loopback 1.1.1.1 
Int 1/1 


Loopback 2.2.2.2 




DEVICE A 


DEVICE B 


BRKSPG-2210 


40 











NETCONF/YANG High-level Properties 


NETCONF 

Network management protocol specifically designed to 
support service activation and provisioning. 

Encrypted, efficient transport 

XML content transported over SSH+TCP. 

Extensible 

XML Namespaces make it possible to add e.g. 
new RPC types or new table columns without 
breaking existing applications. 

Transactional 

Configuration changes happen all-or-nothing 
and all-at-once which simplifies network 
management applications. 

Network-wide 

Can address multiple network elements in 
,i|M|i,parallel to implement network-wide 
dsco transactions. 


YANG 

Text based data modeling language designed for use with 
NETCONF. 


Operator friendly 

Easy to mimic existing human operator interfaces, 
such as CLI and WebUI. Supports tables inside 
tables. 

Precise 

Very precise and specific data definitions. Allowed 
values could be 11 1..99 | 1300,. 1999 | none". Explicit 
about keys in tables. 

Extensible 

Define additional keywords in Yang with rigid 
syntax, that standard compilers parse correctly. 
Additional keywords used to generate code, 
documentation, test cases, etc based on model. 

Human readable 

Non-programmers can read Yang models. 

€■ 2014 Cisco and/or its affiliates. All nghls reserved. Cisco Ccnfideniial 


Basic YANG Statements 


YANG Programming Equivalent Description 


Leaf 

Variable 

Contains a single value of a specific type 

Leaf-List 

Array 

Contains a list of values of the same type 

Container 

Record 

Structure that groups together a bunch of other types 
(leaf, leaf-list, container, list, leafref) 

List 

Array of Records 

Contains a list of zero or more sets of values/types 

Leafref 

Pointer 

Contains a link to another node elsewhere in the tree 


CISCO ©2014 Ciscoandtor itsaffiliates. All rights reserved. Cisra Confidential 

























Basic YANG Statements 



Container 




YANG 

Programming Equivalent 

Container 




Leaf 

Variable 

Leaf-List 

Container 




Leaf-List 

Array 

List 

Leaf 




Container 

Record 





Container 

Leaf 

Leaf 

Leaf-Ref 



Leaf 




List 

Array of Records 





Container 

Leaf 

Leaf 

Leaf-Ref 



Leaf 

Leafref 

Pointer 



Container 

Leaf 

Leaf 

Leaf-Ref 

CISCO 


















Yang examples 


augment /ncs services { 
list 12vpn { 
key name; 
leaf name { 

} 

list endpoint { 
key device; 

leaf device { 

} 

leaf intf-number { 

} 

leaf remote-ip { 

} 

} 

leaf pw-id { 

} 

} 

} 


container vpn { 
list 13vpn { 
key name; 
leaf name { 
i 

leaf as-number { 

} 

list endpoint { 
key rr id " ; 
leaf id{ 

} 

leaf ce-device { 

} 

leaf ce-interface { 

} 

leaf ip-network { 

} 

leaf bandwidth { 

} 

} 

} 

} 


f Ccrifidenli-sl 


40 





YANG Data Types 
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YANG Supports a Number of Data Types 

Built-in Types Derived Types 


Name 

Description 

intS/16/32/64 

Integer 

uinta/16/32/64 

Unsigned integer 

decimal64 

Non-integer 

string 

Unicode string 

enumeration 

Set of alternatives 

boolean 

True or false 

bits 

Boolean array 

binary 

Binary BLOB 

leafref 

Reference 

identityref 

Unique identity 

empty 

No value, void 

union 

Choice of membertypes 

instance-identifier 

References a data tree node 






































Common YANG Data Types (RFC 6991) 


IETF YANG Types 


Name 


Description 


counter32 

non-negative 32-bit integer that monotonically increases 

zero-based-counter32 

a counter32 that has the defined initial value zero 

counter64 

non-negative 64-bit integer that monotonically increases 

zero-based-counter64 

a counter64 that has the defined initial value zero 

gauge32 

non-negative integer, which may increase or decrease 

gauge64 

date-and-time 

phys-address 

non-negative integer, which may increase or decrease 

ISO 8601 standard for representation of dates and times 

colon-separated hexadecimal pairs [e.g. 1 a:ba:da:ba:dO) 

mac-address 

six colon-separated hexadecimal pairs [e.g. 1a:ba:da:ba:dD:00] 

xpathl .0 

XPATH 1.0 expression 

hex-string 

colon-separated hexadecimal pairs of arbitrary length 

uuid 

universally unique identifier [RFC 4122] 




Using Types 

import ietf-yang-types { 
prefix yang; 

} 


■ M i* 
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Common YANG Data Types (RFC 6991) 
(Cont.) 

v ' IETF INET Types Using Types 


Name 

Description 

ip-version 

IP protocol version: 1=IPv4. 2=IPv6, D=unknown 

dscp 

Differentiated Services Code Point value: 0 to 63 

ipv6-flow-label 

32-bit integer in the range from 0 to 1048575 

port-number 

16-bit integer in the range from 0 to 65535 

as-number 

32-bit integer representing 2 or 4 octet BGP AS numbers 

ip-address 

IPv4 or IPv6 address 

ipv4-address 

IPv4 address [e.g. 10.1.2.3) 

ipv6-address 

IPv6 address (e.g. fd85:b310:6513:194b::1) 

ip-prefix 

IPv4 or IPv6 prefix 

ipv4-prefix 

IPv4 prefix [e.g. 10.1.2.0/24) 

ipv6-pre fix 

IPv6 prefix [e.g. fd85:b310:6513:194b::/64) 

domain-name 

DNS domain name 

host 

IP address orDNS domain name 

uri 

uniform resource identifier 




import ietf-inet-types { 

prefix inet; 

} 
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// percentage type 

typedef percentage-type { 

type uint8 { 

range " I..100 ™ ; 

) 

l 

// Weekday type 

typedef weekday-type { 
type enumeration { 
enum Mon; 
enui Tue; 
enum Wed; 
enum Thu; 
enum Fri; 
enum Sat; 
enum Sun; 

) 

I 

// Hour £ minute £ optional second type 

typedef hhmm-type { 

type string { 

pattern T ([0-1]?[0-9] | 2[0-4]): T + 

T ([0-5][0-9}}(:[0-5][0-9])? 

) 

l 

// Route Distinguisher AS:MUM or IF:MUM 

typedef rd-type | 
type string { 

pattern T ((\d+)( (\.\d+) (3})?)\:\d+' 

} 



typedef dscp-type; 

type union; 

type uintS { range T T 0. ,63' '; } 

type enumeration ( 

enum 

af 11 


enum 

af 12 


enum 

af 13 


enum 

af 21 


enum 

af 22 


enum 

af 23 


enum 

af 31 


enum 

af 3 2 


enum 

af 33 


enum 

af41 


enum 

af 42 


enum 

af 43 


enum 

csl ; 

enum 

cs2 ; 

enum 

cs3 ; 

enum 

cs4 ; 

enum 

cs5 ; 

enum 

cs6 ; 

enum 

cs7 ; 

enum 

default; 

enum 

dscp; 


enum 

ef ; 

enum 

precedence; 

| 


} 


» 
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Basic YANG Statements 


Leaf 

Container 

List 

Leafref 


Container 

Container 

Leaf-List 

Container 

List 

Leaf 

Container Leaf Leaf 


Leaf 

Container Leaf Leaf 

Leaf 

Container Leaf Leaf 


Leaf-Ref 


Leaf-Ref 


Leaf-Ref 






Data Model and Data Visualization 

Data model (schema): Sample data: 


■ YANG 


XML: 


* XPath to reference data in the hierarchy: 

/ loopback-ipv4 
/ loopback-ipv4 / loopback 
/ loopback-ipv4 / ip-address 


* Graphic visualization of hierarchy and data 
type: , 



Leaf 

L 

Leaf-list 

L 

List 

C 

Container 


T 

Typedef 

G 

Grouping 

•< 

Key Leaf 

R 

Leafref 


11 1 1. r 1 1 * 

CISCO 


<loopback-ipv4> 

<loopback>l</loopback> 
<ip-address>10 .1.1. l</ip-address> 
</loopback-ipv4> 

<loopback-ipv4> 

<loopback>2</loopback> 
<ip-address>10 .2.2. 2</ip-address> 
</loopback-ipv4> 


■ Table: 

192 . 0 . 2.213 

16772 

198 . 51 . 100.22 

19234 

203 . 0 . 113.89 

22315 


These methods are used throughout the course 
to help with understanding of YANG data 

modeling. 

































Leaf 


| loopback 


XPath: 

/ loopback 


YANG (data model) 



XML (data) _ 

<1 oopback>K/loopbaclc> 


Single value using a built-in or derived data type 
Zero or one instance 


. 11 1 . 1 1 > * 
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Leaf Attributes 


Attribute 

Description 

config 

Whether this leaf is a configurable value ("true") or operational 
value ("false"). Inherited from parent container if not specified 

default 

Specifies default value for this leaf. Implies that leaf is optional 

mandatory 

Whether the leaf is mandatory ("true") or optional ("false") 

must 

XPath constraint that will be enforced for this leaf 

type 

The data type (and range etc) of this leaf 

when 

Conditional leaf, only present if XPath expression is true 

description 

Human readable definition and help text for this leaf 

reference 

Human readable reference to some other element or spec 

units 

Human readable unit specification (e.g. Hz t MB/s, °F) 

status 

Whether this leaf is "current", "deprecated" or "obsolete" 


■ i j h i j u 
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Container <*, 

XPath: 

/ loopback-ipv4 
/ loopback-ipv4 / loopback 
/ loopback-ipv4 / ip-address 

1 | 1Q.1.1.1 


4 


c I loopback-ipv4 


□ 


loopback 


] | ip-address 


YANG (data model) _ 

container loopback-ipv4 { 
leaf loopback { 
type int32 { 

range " 0 .. 214748364 7 " ; 

} 

\ 

leaf ip-address ( 

type inet:ipv4-address 

I 


XM L (data) _ 

<loopback-ipv4> 

<loophack>l</loopback> 
<ip-address>10 .1.1. l</ip-address> 
</loopback-ipv4> _ 


• Used to group one or more other statements 


• Has no data type by itself 


• May have an implicit meaning 

P I | I 4 I | I A 

CISCO 


SI 
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E 

| Ioopback-ipv4 | 


\ \ loopback | | 

| | ip-address | 


i 

10.1.1.1 


2 

10.2.2.2 


XPath: 

/ loopback-ipv4 
/ Ioopback-ipv4 / loopback 
/ ioopback-ipv4 / ip-address 


YANG (data model) _ 

list loopback-ipv4 { 
key loopback; 
unique ip-address; 
leaf loopback { 
type int32 { 

range " 0 .. _ 2147483647 " ; 

} 

> 

leaf ip-address { 

type inet:ipv4-address 

> 


XML (data) 

<loopback-ipv4> 

<loopback>l</loopback> 
<ip-address>10 .1.1. l</ip-address> 
</loopback-ipv4> 

<loopback-ipv4> 

<loopback>2</loopback> 
<ip-address>l€ .2.2. 2</ip-address> 
</loopback-ipv4> 


• Contains one or more substatements 


• Requires one unique identifier (key) 

• Zero or more instances 

• < I * • 1 1 1 » 
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What does YANG stand for ? 
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NSO LAB 

NSO Installation 
NED Installation 
NSO WebUI - CLI 










NSO Installation -1 


root@debian:/home/test/Downloads/bootcamp#|sh nso-5.1.1.linux.x86 64.signed.bin 
Unpacking... 1 1 

Verifying signature... 

Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ... 

Successfully downloaded and verified crcam2.cer. 

Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ... 
Successfully downloaded and verified innerspace.cer. 

Successfully verified root, subca and end-entity certificate chain. 

Successfully fetched a public key from tailf.cer. 

Successfully verified the signature of nso-5.1.1.linux.x86 64.installer.bin using tailf.cer 
root@debian:/home/test/Downloads/bootcamp# 
rootfldebian:/home/test/Downloads/bootcamp# 
root@debian : /home/test/Downloads/bootcamp# Is 

cisco x509 verify release . py nso-5.1.1.linux . x86 64 . installer.bin . signature README . signature 

nso-5 . 1.1.linux.x86 64 . installer.bin nso-5.1 . 1.linux.x86 64.signed . bin tailf . cer 





NSO Directories 



bin/ 


lib/ 


doc/ 


^ examples, ncs 


ncs-cdb/ 

ncs.conf 


CISCO 


ncs-run-bootcamp 


Next Slide 


t 


Two directory types: 

IriiStallation Directory | 


Project Directories 
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NSO Installation -2 


root@debian : /home/test/Downloads/bootcamp# 
root@debian : /home/test/Downloads/bootcamp# Is 

cisco_x509_verify_release . py nso-5 . 1.1.linux . x86_64.installer.bin.signature README . signature 

nso-5.1.1.linux.x86 64.installer.bin nso-5.1.1.linux.x86 64.signed.bin tailf.cer 

root@debian: /home/test/Downloads/bootcamp# 

root@debian:/home/test/Downloads/bootcamp# sh nso-5 . 1.1.linux . x86 64 . installer.bin /home/test/NSO-BOOTCAMP 

INFO Using temporary directory /tmp/ncs_in£T£ller.2/y 7 Td Nib ln^llatloh buiidle 

INFO Unpacked ncs-5.1.1 in /home/test/NSO-BOOTCAMP 

INFO Found and unpacked corresponding DOCUMENTATION PACKAGE 

INFO Found and unpacked corresponding EXAMPLE PACKAGE 

INFO Generating default SSH hostkey (this may take some time) 

INFO SSH hostkey generated 

INFO Environment set-up generated in /home/test/NSO-BOOTCAMP/ncsrc 

INFO NCS installation script finished 

INFO Found and unpacked corresponding NETSIM PACKAGE 

INFO NCS installation complete 

root@debian : /home/test/Downloads/bootcamp# [ 




NSO Installation -3 


root@debian:/home/test# 
root@debian:/home/test# cd NSO-BOOTCAMP/ 
root@debian:/home/test/NSO-BOOTCAMP# 
root@debian:/home/test/NSO-BOOTCAMP# Is 

bin doc etc include lib man ncsrc.tcsh packages scripts support VERSION 

CHANGES erlang examples.ncs java LICENSE ncsrc netsim README src var 

root@debian:/home/test/NSO-BOOTCAMP # 

root@debian:/home/test/NSO-B00TCAMP#| source ncsrc 

root@debian:/home/test/NSO-BOOTCAMP# 1 1 1 


root@debian:/home/test#. . 

root@debian:/home/test#|ncs-setup --dest /home/test/ncs-run-boot camp/ | 
root@debian:/home/test# 
root@debian:/home/test# Is 

backup docker ncsrc NETCONF nso.retry samples 

bgpmgr.txt Downloads ncs-run NSO-5.1.1 packages sr-bootcamp 

Desktop JSON-RPC ncs-run-bootcamp NSO-BOOTCAMP REST-bgpmgr.txt test.sh 

root@debian:/home/test# 

root@debian:/home/test# cd ncs-run-bootcamp 

root@debian:/home/test/ncs- run- bootcamp# 

root@debian:/home/test/ncs-run-bootcamp# Is 

logs ncs-cdb ncs.conf packages README.ncs scripts state 

root@debian:/home/test/ncs- run- bootcamp# 




NSO CLI 


test@debian:~$ su 
Password: 

root@debian : /home/test#| source ./NSO-BOOTCAMP/ncsrc | 
root@debian:/home/test# 1 

root@debian:/home/test# cd ncs-run-bootcamp/ 
root@debian : /home/test/ncs- run -bootcamp# 
root@debian:/home/test/ncs- run -bootcamp# 
root@debian : /home/test/ncs-run-bootcamp#. 
root@debian:/home/test/ncs- run - bootcamp# ! ncs cli -C | 

root connected from 127.0.0.1 using console on debian 

root@ncs# 

root@ncs# | 





NED Installation : cisco-ios 


root@debian:~# 

root@debian:~# cd /home/test/Downloads/bootcamp/NED 
root@debian:/home/test/Downloads/bootcamp/NED# Is 
cisco-ios cisco-iosxr 

root@debian:/home/test/Downloads/bootcamp/NED# Is ./cisco-ios 
ncs-5.1,1-cisco-ios-6.24.tar.gz 

root@debian:/home/test/Downloads/bootcamp/NED# Is ./cisco-iosxr 
ncs-5.l.l-cisco-iosxr-7.12.3.tar.gz 
root@debian:/home/test/Downloads/bootcamp/NED# cd - 

root@debian:/home/test/ncs- run-bootcamp# Is 

logs ncs-cdb ncs.conf packages README.ncs scripts state storedstate target 
root@debian:/home/test/ncs-run-bootcamp# cd packages/ 
root@debian:/home/test/ncs- run-bootcamp/packages# 

root@debian:/home/test/ncs- run-bootcamp/packages# tar -xzvf /home/test/Downloads/bootcamp/NED/cisco-ios/ncs-5.1 

cisco-ios-cli-6.24/ 

cisco-ios-cli-6.24/load-dir/ 

cisco-ios-cli-6.24/load-dir/tailf-ned-cisco-ios-stats.fxs 
cisco-ios-cli-6.24/load-dir/tailf-ned-cisco-ios-meta.fxs 

cisco-ios-cli-6.24/load-dir/tailf-ned-cisco-ios-oper.fxs _ 


cisco-ios-cli-6.24/private-jar/cisco-serializer.2.7.2b.jar 

cisco-ios-cli-6.24/package-meta-data.xml 

cisco-ios-cli-6.24/shared-jar/ 

cisco-ios-cli-6.24/shared-jar/ios-ns.jar 

cisco-ios-cli-6.24/LICENSE 

root@debian:/home/test/ncs- run-bootcamp/packages# Is 
cisco-ios-cli-6.24 

root@debian:/home/test/ncs-run-bootcamp/packages# | _ 






NED Installation : cisco-iosxr 


root@debian:/home/test/ncs- run-bootcamp/packages# 
root@debian:/home/test/ncs- run-bootcamp/packages# 

root@debian:/home/test/ncs-run-bootcamp/packages# tar -xzvf /home/test/Downloads/bootcamp/NED/cisco-iosxr/ncs-5. 

1.1-cisco-iosxr-7,12.3.tar.qz 

cisco-iosxr-cli-7.12/ 

cisco-iosxr-cli-7.12/build-meta-data.xml 

cisco-iosxr-cli-7.12/load-dir/ 

cisco-iosxr-cli-7.12/load-dir/tailf-ned-sec rets.fxs 
cisco-iosxr-cli-7.12/load-dir/tailf-ned-loginscripts.fxs 
cisco-iosxr-cli-7.12/load-dir/ietf-interfaces.fxs 
cisco-iosxr-cli-7.12/load-dir/tailf-ned-cisco-ios-xr.fxs 


cisco-iosxr-cli-7.12/package-meta-data.xml 
cisco-iosxr-cli-7.12/LICENSES.nedcom/ 
cisco-iosxr-cli-7.12/LICENSES.nedcom/CUP LICENSE 
cisco-iosxr-cli-7.12/LICENSES.nedcom/APACHEV2 LICENSE 
cisco^iosxr^cli^j^^LICENSESjTedcom^README^^^^^^^^ 
root@debian:/home/test/ncs-run-bootcamp/packages# 
root@debian:/home/test/ncs-run-bootcamp/packages# Is 
cisco-ios-cli-6.24 cisco-iosxr-cli-7.12 
rootOdebian:/home/test/ncs-run-bootcamp/packaaes# I 






NSO Package Reload 


root@debian:/home/test/ncs- run- boot camp#l ncs cli -C 


root connected from 127.0.G.1 using console on debian 
root@ncs# 

root@ncs# show packages 
% No entries found. 
root@ncs# show packages 

root@ncs# 

root@ncs# packages reload 


»> System upgrade is starting. 

>» Sessions in configure mode must exit to operational mode. 

»> No configuration changes can be performed until upgrade has completed. 

»> System upgrade has completed successfully. 

reload-result { 

package cisco-ios-cli-6.24 
result true 

} 

reload-result { 

package cisco-iosxr-cli-7.12 
result true 

} 

root@ncs# 

System message at 2019-07-05 07:14:22... 

Subsystem started: ncs-dp-l-cisco-ios-cli-6.24:I0SDp 

I root one s# I 

root@aeDian:/nome/test/ncs- run-oootcamp# 

root@debian:/home/test/ncs-run-bootcamp# ncs --stop 

root@debian:/home/test/ncs-run-bootcamp# 

root@debian:/home/test/ncs-run-bootcamp# ncs --with-package-reload 

rnntprlahl an ■ /hnma/tart/nrr ■ ri in ■ hnntramn# 








NSO Package Status 


root@debian:/home/test/ncs- run - bootcamp# 
root@debian:/home/test/ncs-run-bootcamp# ncscli -C 


|root connected from 127.0.0.1 using console on debian 


root@ncsTP 

|root@ncs# show packages package oper*status 




PROGRAM 





CODE 

JAVA 


BAD NCS 

NAME UP 

ERROR 

UNINITIALIZED 

VERSION 

cisco-ios-cli-6.24 X 

. 

- 


- 

cisco-iosxr-cli-7.12 X 

- 

- 


- 


PACKAGE 
META FILE 

PACKAGE PACKAGE CIRCULAR DATA LOAD ERROR 

NAME VERSION DEPENDENCY ERROR ERROR INFO 
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NSO Configuration File : ncs.conf 


root@debian:/home/test/ncs- run -bootcamp# 
root@debian:/home/test/ncs- run -bootcamp# Is 

logs ncs-cdb ncs.conf packages README.ncs scripts state storedstate target 



cs- 

cs- 


hi* 

Pmo 


amp# 

amp# nano ncs.conf 



GNU nano 2.2.6 File: ncs.conf 


!-- -*- nxml --> 

|<! - - Example configuration file for ncs. --> 

<ncs-config xmlns="http://tail-f.com/yang/tailf-ncs-config"> 

<!-- NCS can be configured to restrict access for incoming connections --> 
<!-- to the IPC listener sockets. The access check requires that --> 

<!-- connecting clients prove possession of a shared secret. --> 
<nc5-ipc-access-check> 

<enabled>false</enabled> 

<filename>${NCS DIR}/etc/ncs/ipc access</filename> 

</ncs-ipc-access -check> 

<!-- Where to look for .fxs and snmp .bin files to load --> 

<load-path> 

<dir>./packages</dir> 

<dir>${NCS_DIR}/etc/ncs</dir> 

<!-- To disable northbound snmp altogether --> 

<!-- comment out the path below --> 

<dir>${NCS_DIR}/etc/ncs/snmp</dir> _ 


[ Read 365 lines ] 


Q Get Help 

WriteOut 

SB| Read File 

| Prev Page 

Cut Text 

Q Cur Pos 

J Exit 

j Justify 

l Where Is 

! Next Page 

1 UnCut Text 

To Spell 












NSO Configuration File : ncs.conf 
Search WebUI 


GNU nano 2.2.6 


File: ncs.conf 


<prompt2>\u@ncs% </prompt2> 

<c - p rompt1>\u@ncs# </c-p rompt1> 

<c-prompt2>\u@ncs(\m)# </c-prompt2> 

<show-log -directory>./logs</show-log-directory> 

<show-commit -progress>t rue</show-commit - progress> 

<suppress-commit-message-context>maapi</suppress- commit-message-context> 
<suppress-commit-message-context>5ystem</suppress-commit-message-context> 
</cli> 


<webui> 

<enabled>t rue</enabled> 
<transport> 

<tcp> 

<enabled>t rue</enabled> 
<ip>0.0.0.0</ip> 

<po rt>808O</po rt> 

</tcp> 

<ssl> 

<enabled>false</enabled> 

<ip>O.0.0.0</ip> 


*>e arch [webui]: we buil 

Af 

"cl 




Go To Line 
Replace 


i Beg of Par 
1 End of Par 


FullJstify 
Case Sens 


s Backwards 
" Regexp 

















NSO Configuration File : ncs.conf 
WebUI / HTTP/S Enabled 




<enabled>true</enabled> 

<transport> 

<tcp> 

<enabled>true</enabled> 

<ip>O.0.0.0</ip> 

<po rt>8080</po rt> 

</tcp> 

<ssl> 

<enabled>false</enabled> 

<ip>0.0.0.0</ip> 

<po rt>8888</po rt> 

<key-file>${NCS_DIR}/var/ncs/webui/cert/host.key</key-file> 
<cert-file>${NCS DIR}/var/ncs/webui/cert/host.cert</cert-file> 
</ssl> 

</transport> 


<cgi> 

<enabled>t rue</enabled> 
<php> 

<enabled>false</enabled> 

</php> 

</cgi> 


earch [webuil: rest 



Backwards 

Reqexp 


Get Help 
Cancel 


First Line 
Last Line 


j Go To Line 
3 Replace 


jj Beg of Par 
End of Par 


FullJstify 
Case Sens 













NSO Configuration File : ncs.conf 
REST API Enabled 


GNU nano 2.2.6 File: ncs.conf 


</ssl> 

</transport> 

<cgi> 

<enabled>t rue</enabled> 
<php> 

<enabled>false</enabled> 

</php> 

</cgi> 

</webui> 

<Best> 

<enabled>t rue</enabled> 
</rest> 

<restconf> 

<enabled>true</enabled> 

</restconf> 

<netconf- no rth -bound> 
<enabled>true</enabled> 


E? Get Help 

JR WriteOut 

S7 Read File 

Prev Page 

BS Cut Text 

EQ Cur Pos 

! Exit 

| Justify 

! Where Is 

i Next Page 

1 UnCut Text 

To Spell 





NSO HTTP WebUI 


mm* Login x _ iP X 

<- -> C © Not secure | 192.168.56.200:8080/login.html o* ft 0 : 













NSO HTTP WebUI 


0 Application hub x + 

<- c © Not secure | 192.168.56.200: 8080/webui-one/ 


_ L° X 

☆ © • 


,ill.i|i. 

CISCO 


Application hub 


root v 





.ill.III. 

.ill.ill. 


.ill.ill. 


.ill.lll» 

CISCO 

CISCO 


CISCO 


CISCO 



Commit manager 


See the status of your current transaction 
and commit your changes 


Configuration editor 


Access the data models that are loaded in 
NSO. 


Device manager 


Find, synchronize and group your devices. 
Monitor connectivity status and access the 
configuration data. 


Service manager 


Find and synchronize your services. See 
deployment status and access the service 
configuration data. 




sh board 


Device 

manager 


Senhoe 

manager 









L° X 


NSO HTTP WebUI 

0 Configuration editor x + 

<- -> C © Not secure | 192*168.56.200:8080/webui-one/ConfigurationEditQr it © : 


* i II i ■ 1 1 1 • Configuration editor 

CISCO VERSION: 5, 1,1 


View options ▼ 


root t 
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NSO Device Manager 












Lab Topology 

Cisco Service Provider SDN Routing in Action Sandbox v4 













Lab Topology 

Hostname - IP Address - Telnet user/pass 


Hostname 

IP Address 

Credentials (Telnet) 

XR-1 

198.18.1.21 

cisco / cisco 

XE-2 

198.18.1.22 

cisco / cisco 

XR-3 

198.18.1.23 

cisco / cisco 

XR-4 

198.18.1.24 

cisco / cisco 



Initialize Router Lab 


root@debian:/home/test/sr-bootcamp# nano bootcamp-initial.yml 
root@debian:/home/test/sr-bootcamp# ansible-playbook bootcamp-initial.yml 

play [Build Initial Reset Config] ******************************************************************************* 
TASK [python xrl-initial.py] ************************************************************************************ 

a 5K | python xe 2 — *i n 111 0 1 pyj ************************************************************************************ 

changed: [localhost] 

TASK [ python x r3 - initial. py ] ************************************************************************************ 


fASK [python xr4- initial . py] ************************************************************************************ 





NSO Device Registration / Addition -1 


rootcancs# 

rootcancs# config t 

Entering configuration mode terminal 

rootcancs (conf ig}# devices authgroups group cisco 

rootcancs (conf ig- group -cisco)# umap root 

rootcancs(config-umap-root)# remote-name cisco 

rootcancs (conf ig-umap-root)# remote-password cisco 

rootcancs (conf ig-umap-root )# remote-secondary-password cisco 

rootcancs (conf ig-umap-root)# commit 

Commit complete. 

rootcancs (conf ig-umap-root)# end 

rootcancs# | _ 


root@ncs# show running-config devices authgroups group cisco 

devices authgroups group cisco 
umap root 

remote-name cisco 

remote-password $8$oMMtkX7QYGFVurzSDVvMmUBmTvUgvMgX71xvuXyayTo= 

remote-secondary-password $8$+YJPppQpaFLXS2l+vajh8KIlWSyKWBWOl6soOkUKZ3l= 

j 

l 

root@ncs# 





NSO Device Registration / Addition -2 


root@ncs# config t 

Entering configuration mode terminal 
root@ncs(config)# devices device xrl 

root@ncs(config-device-xrl)# address 198.18.1.21 port 23 
root@ncs(config-device-xrl)# authgroup cisco 

root@ncs(config-device-xrl)# device-type cli ned-id cisco-iosxr-cli-7.12 
root@ncs(config-device-xrl)# device-type cli protocol telnet 
root@ncs(config-device-xrl)# state admin-state unlocked 
root@ncs(config-device-xrl)# commit 
Commit complete. 

root@ncs(config-device-xrl)# top 
root(ancs(config)# | 


root@ncs# show 

devices list 



NAME ADDRESS 

DESCRIPTION 

NED ID 

ADMIN STATE 

xrl 198.18.1. 

root@ncs# 

21 - 

cisco-iosxr-cli-7.12 

unlocked 














NSO Device Registration / Addition -3 

-> G CD Not secure 192.168.56.200:8080/webui-one/DeviceManager 


☆ © 


* 1 11• 111» Device manager 

CISCO VDWOK8.V 


# 


root ▼ 


1 / 1 


| name address port type services ping 

H xrl 198.18.1.21 23 cisco-iosxr-cli-7.12:cisco-iosxr-cli“7.12 0 


|root@ncs# devices check-sync device [ xrl ] 
sync-result { 
device xrl 
result unknown 

} 

root@ncs# 


<- -> C © Not secure 192.168.56.200:8080/webui-one/DeviceManager 


connect 


check-sync 


sync-from sync-to 


ping 

V 

connect 

▼ 

check-sync = 

sync-from 

sync-to 


alarm confi g u ration 

configuration 


.i|i.i)i, Device manager 

CISCO VWSOW6.il 


T~] t ~ 


☆ © 


root ▼ 



name address port type services ping 

H xrl 198.18 1.21 23 cisco-iosxr-cli-7.12:cisco-iosxr-cli-7.12 0 


connect 


check-sync 


sync-from 


= connect = check-sync = sync-from = 


ii 


Actions: 

connect 
check-sync 
sync-from 
sync-to 
































NSO Device Registration / Addition 


root@ncs# config t 

Entering configuration mode terminal 
root@ncs(config)# devices device xrl 

root@ncs(config-device-xrl)# address 198.18.1.21 port 23 
root@ncs(config-device-xrl)# authgroup cisco 

root@ncs(config-device-xrl)# device-type cli ned-id cisco-iosxr-cli-7.12 
root@ncs(config-device-xrl)# device-type cli protocol telnet 
root@ncs(config-device-xrl)# state admin-state unlocked 
root@ncs(config-device-xrl)# commit 
Commit complete. 

root@ncs(config-device-xrl)# top 
root(ancs(config)# | 


root@ncs# show 

devices list 



NAME ADDRESS 

DESCRIPTION 

NED ID 

ADMIN STATE 

xrl 198.18.1. 

root@ncs# 

21 - 

cisco-iosxr-cli-7.12 

unlocked 














NSO Device Registration / Addition 


root@ncs# 

System message at 2019-07-06 21:03:01... 

Commit performed by root via console using cli. 

root@ncs# devices sync-from device [ xe2 xr3 xr4 ] 

sync-result { 
device xe2 
result true 

} 

sync-result { 
device xr3 
result true 

} 

sync-result { 
device xr4 
result true 


• 11 III 1 It 

CISCO 

j- 

root@ncs# 1 

VCHSKHM:6.V1 

■ ■“a-- 

091 

^ 4 / 4 


name 

address 

port 

Q xe2 

193,13.1.22 

23 

H xrl 

193.18.1.21 

23 

H xr3 

198.18.1.23 

23 

H xr4 

198.18.1.24 

23 



connect check-sync sync-from sync-to alarm 



connect 

check-sync 

sync-from 

▼ 

sync-to 

w 

connect = 

▼ 

check-sync = 

sync-from 


sync-to 


connect 

check-sync 

sync-from 


sync-to 


connect 

check-sync 

sync-from 


sync-to 


configuration 

configuration 

configuration 

configuration 

configuration 
























Device Manager 


■ NSO keeps a master copy of configuration for all devices in CDB 


■ Each Network Element Driver (NED) supports corresponding South-Bound 
protocol: 


■ NETCONF 

■ SNMP 

■ CLI 

■ Generic NED (Java code) 


CDB 



Master Copy of 
Configurations 


Device Manager 
Network Element Driver 
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NED Network Element Driver 


<spanning-tree xmlns=" urmios" > 
<extend> 

<system-id/> 

</extend> 

<mode> 

pvst 

</mode> 

</spanning-tree> 


spanning-tree extend system-id 
spanning-tree mode pvst 






CDB Configuration Database 


NSO WebUI 
CLI-API 


NSO CDB 


• Keeps copy of managed 
devices configuration 

• Maintains Configurations for 
network services across 
instances and devices 






Northbound APIs 




REST API 

GET,P LIT, POST, DELETE 
High Level API into: 

NSO Seivice and Device Manager 


Python API 

Low Level and High Level APIs into: 
NSO cDB 

NSO Transaction Engine 
NSO Service and Device Mangers 


Java API 

Low Level and High Level APIs into 
NSO cDB 

NSO Transaction Engine 

NSO Sen/ice and Device Mangers 





Building Block of NSO CLI 


• Everything is within a hierarchy 

• Most common commands are under the 'devices device’ or ‘devices 
...’ options. 

• Use '?’ to explore options 

• Use T to change output format, debug, or to save output to file. File 
will be saved to ncs-run directory. 

• All changes in config mode need to be commited, all changes can be 
previewed with commit dry-run 


NSO CLI 

• In Operational mode, the CLI displays operational data stored in CDB (or live data from the devices) 

• In Configuration mode, the CLI displays network configuration data stored in CDB 



Operational Miode 

admin@nso# show devices device 

devices device cO 


devices device cl 




Configuration Mode 



nso-run# ncs_cli -u admin -C 


CISCO 
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Synchronizing from Device 


Device Configurations in NSO and actual Device Configuration should match 
After initial device discovery or import, it makes sense to synchronize 





















Displaying Configuration 


• Display only new/changes to configuration (changes not yet committed): 



» Display full configuration 







Check Sync 


• Check if a device has been configured out of band 



> Check if a subset of managed devices has been configured out of band 
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Out of band changes to device 



I I | I i I I K A 

CISCO 
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Comparing Configuration 

• Compare out-of-sync device configuration 














Synchronizing to Device 


When a device has been configured out of band 


• Clears up rogue configuration 

• “dry-run” option available to check changes 

admin@ncs# devices device cl sync-to 


result true 
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sync-to 

sync-from 

check-sync 

compare- 
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Configuring Devices 

* Configuration change happens after commit statement 

N SO CLI: 

admin@ncs(config) # devices device cO config ios :interface FastEthernet 1/0 ip address 192.168.0.1 
255.255.255.0 

admin@ncs(config-if) # top 

adminPncs(config)# devices device cl config ios:interface FastEthernet 1/0 ip address 192.168.0.2 
255.255.255.0 

adminPncs(config-if)# top 

admin@ncs(config)# devices device c2 config ios:interface FastEthernet 1/0 ip address 192.168.0.3 
255.255.255.0 

adminpncs(config-if)# top 

admin@ncs(config)# commit dry-run outformat xml 
adminPncs(config)# show configuration 

adminGncs(config)# commit Transactional guarantee 

Commit complete. 


CISCO 
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Configuring Devices 


* Configuration change happens after commit statement 
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Rollbacks 


’ Every transaction has a corresponding rollback file (linux shell): 


nso-run# Is logs/rollback* 

nso-run# more logs/rollbacklGOOS 

a 

Or NSO CLI: 



admin@ncs# file show logs/rollback<TAB> 


Run rollbacks 

admin@nso(config)# rollback configuration<TAB> 

Possible completions: 

0 - 2011-09-23 09:19:43 by admin via cli 

1 - 2011-09-23 09:15:38 by admin via cli 

2 - 2011-09-23 09:13:35 by admin via cli 

3 - 2011-09-23 08:55:31 by admin via cli 














Rollbacks - Examples 


» If the latest transaction is 10008 


• Rollback 3 latest transactions (10006, 10007, 10008): 



admintfnso(config)# rollback configuration 10006 
admin0nso(config)# show configuration 

If don't want to proceed, just clear instead of commit 

admintfnso(config)# clear 

admin@nso(config)# show configuration 








» Rollback only changes done in the 3 rd latest transaction: 

admin@nso(config)# rollback selective 10006 

admintfnso(config)# show configuration 

admintfnso(config)# commit dry-run outformat native 

admintfnso(config)# commit dry-run outformat xml 

admin0nso(config)# commit dry-run outformat cli 

If don't want to proceed, just abort instead of commit. 

admintfnso(config)# abort 



















































NSO as Single Network CLI 


root@ncs# 






root@ncs# 






root@ncs# devices device xrl live-status cisco-ios 

;-xr-stats: 

exec show ip interface brief 

result 






Sat 3ul 6 13:12:43.991 UTC 





Interface 

IP-Address 

Status 

Protocol 

Vrf-Name 

LoopbackO 

1.1.1.1 

Up 


Up 

default 

MgmtEthO/O/CPUO/O 

198.18.1.21 

Up 


Up 

default 

GigabitEthe rnet0/0/0/0 

99.1.3.1 

up 


up 

default 

GigabitEthe rnetO/O/O/1 

99.1.2.1 

up 


up 

default 

GigabitEthe rnet0/0/0/2 

99.1.11.1 

Up 


Up 

default 

GigabitEthe rnetO/O/O/3 

99.1.4.1 

up 


up 

default 

GigabitEthe rnetO/Q/O/4 

172.16.12.1 

up 


up 

default 

GigabitEthe rnet0/0/0/5 

10.11.12.11 

up 


up 

default 

RP/O/O/CPUO:XR-1# 






root@ncs# 






root@ncs# devices device xe2 live-status ios-stats 

;:exec show 

ip interface brief 

result 






Interface 

IP-Address OK? 

Method 

Status 


Protocol 

GigabitEthe rnetl 

198.18.1.22 YES 

TFTP 

up 


up 

GigabitEthe rnet2 

99.2.3.2 YES 

manual 

up 


up 

GigabitEthernet3 

unassigned YES 

TFTP 

up 


up 

GigabitEthe rnet4 

unassigned YES 

TFTP 

up 


up 

GigabitEthernet5 

unassigned YES 

TFTP 

up 


up 

GigabitEthe rnet6 

10.11.12.12 YES 

TFTP 

up 


up 

LoopbackO 

2.2.2.2 YES 

TFTP 

up 


up 

XE-2# 






root@ncs# 









NSO as Single Network CLI 
NSO Data Tree (config mode) 



group 






























NSO as Single Network CLI 


root@ncs(config-un)# commit 
Possible completions: 

cli native xml 
root@ncs(config-un)# commit 
native { 


device { 
name 
data 


dry-run outformat ? 


dry-run outformat native 


xr3 

username nso 
password 0 nso 
exi t 


root@ncs(config)# devices device xr3 config cisco-ios-xr:username nso password 0 nso 
root@ncs(config-un)# commit dry-run outformat cli 
cli { 

local-node { 

data devices { 

device xr3 { 
config { 

+ cisco-ios-xr:username nso { 

+ password { 

+ encryption 0; 

+ password nso; 

+ } 

+ } 

} 

} 

} 

} 





NSO as Single Network CLI 


root@ncs(config-un)# commit dry-run outformat xml 
result-xml { 

local-node { 

data <devices xmlns= M http://tai1-f.com/ns/ncs M > 

<device> 

<name>xr3</name> 

<config> 

<username xmlns="http://tai1-f.com/ned/cisco-ios-xr"> 
<name>nso</name> 

<password> 

<encryption>0</encryption> ^ 

<password>nso</password> 

</password> 

</username> 

</config> 

</device> 

</devices> 

} 

} 



NSO as Single Network CLI 


root@ncs# show configuration commit changes 
! 

! Created by: root 
! Date: 2019-07-06 22:20:31 
! Client: cli 
! 

devices device xr3 
conf i g 

cisco-ios-xr:username nso 
password 0 nso 
exit 

! 

j 

root@ncs# | 


rootOncs# show configuration commit changes 

j 

! Created by: root 
! Date: 2019-07-06 22:20:31 
! Client: cli 
! 

devices device xr3 
conf i g 

cisco-ios-xr:username nso 
password 0 nso 
exit 

I 

! 

rootOncs# | 







Tips Shell 

1. ncs - - stop / ncs - - with-package-reload 

2. ncs_cli -C ( show / config / commit-dry-run ) 

3. copy / edit nano / compile ../src/yang/xx.yang 

& ../template/xx-template.xml 

4. python / ansible-playbook 
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NSO Service 











Mention more of Network Service that can be Orchestrated ? 



NSO Service Manager and Models 


A Network Service is a collection of configurations across one or multiple 
devices and servers that enable a capability. 

An example is Basic Wireless Service: 


Wireless Sendee 




Gateway Configuration \VLC Configuration Switch Configuration 













NSO Service Manager and Models 

NSO Manages Network Services through the Service Model Construct: 



r 


> 


Designed in YANG and modeled 
with XML templates, code or both 


V. 


J 





Instantiated in NSO with input parameters 
Service's lifecycle is managed by NSO 
(Deployment Compliance and Removal) 

> 


_ ) 

->i 


NSO Pushes configuration based upon service logic 
And input parameters to the devices. 




J 
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Service Model Look Like 








#NSO Your Service 


Customer Service 


VPN Service 


Cloud Service 


vCPE Service 


loT Service 


Customer Service 





















#NSO Your Service 
















#NSO Your Service 


M 



CE1-IP 


VPN Service: Jakarta 
















#NSO Your Service 



Metro 

Ethernet 


Customer-Name 

Customer-ID 

2G 

20 



* 

CEl-DC 


























#NSO Your Service 



Customer-Name 

Customer-ID 

2G 

20 



CE1-DC 





































#NSO Your Service 


* 


CE1-IP 



* 


CE1-DC 


CE-IP 

L2 Metro 

CE-GW 

L3 IP VPN 


L3 IP VPN 

DC-IP 

10.1.20.1 

20 

10.1.20.254 

192.168.56.100 


192.168.56.103 

100.1.20.254 


t 


CE1-IP 




E0/1.20 



E0/0 


E0/1-Trunk 



EO/O 



© — * 

CE1-DC 


Customer-Name 

Customer-ID 

CE-IP 

CE-GW 

DC-IP 

2G 

20 

10.1.20.1 

10.1.20.254 

100.1.20.254 

































#NSO Your Service 


* 


CE1-IP 





CE1-DC 


CE-IP 

L2 Metro 

CE-GW 

L3 IP VPN 


L3 IP VPN 

DC-IP 

10.1.20.1 

20 

10.1.20.254 

192.168.56.100 


192.168.56.103 

100.1.20.254 


Int vlan20 



E0/1.20 


E0/0 E0/0 

g 

ft 

E0/1-Trunk 




W A 


R1 


JunOS 


Int Io20 


Int vlan20 (vrf) 

Vlan - Trunk 

Int subif x.20 (vrf) 

L3VPN Vrf 2G 

Int Io20 (vrf) 

10.1.20.1 

Dotlq 20 

Dotlq 10.1.20.254 

rd:20:1 rt:20:1 

100.1.20.254 


Customer-Name 

Customer-ID 

CE-IP 

CE-GW 

DC-IP 

2G 

20 

10.1.20.1 

10.1.20.254 

100.1.20.254 




































#NSO Your Service 


* 


CE1-IP 





CE1-DC 


CE-IP 

L2 Metro 

CE-GW 

L3 IP VPN 


L3 IP VPN 

DC-IP 

10.1.20.1 

20 

10.1.20.254 

192.168.56.100 


192.168.56.103 

100.1.20.254 


Int vlan20 



E0/1.20 


E0/0 E0/0 

g 

ft 

E0/1-Trunk 

IsSB 



IV a 


R1 


JunOS 


Int Io20 


Int vlan20 (vrf) 

Vlan - Trunk 

Int subif x.20 (vrf) 

L3VPN Vrf 2G 

Int Io20 (vrf) 

10.1.20.1 

Dotlq 20 

Dotlq 10.1.20.254 

rd:20:1 rt:20:1 

100.1.20.254 


Customer-Name 

Customer-ID 

CE-IP 

CE-GW 

DC-IP 

2G 

20 

10.1.20.1 

10.1.20.254 

100.1.20.254 

3G 

30 

10.1.30.1 

10.1.30.254 

100.1.30.254 

4G 

40 

10.1.40.1 

10.1.40.254 

100.1.40.254 

5G 

50 

10.1.50.1 

10.1.50.254 

100.1.50.254 

ENT-60 

60 

10.1.60.1 

10.1.60.254 

100.1.60.254 
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XML 101 












NSO CLI Interface is good for Human Interface 
but NOT for a Machine (Software) 



Automation Approach is 
To make a Machine (Software) 
use Human Oriented Interface 


First, we need a way to translate CLI into a structured Data Form... 
-> YANG and XML 







What does XML stand for ? 



What is XML ? (from w3schools) 

•XML stands for extensible Markup Language 
•XML is a markup language much like HTML 
•XML was designed to store and transport data 
•XML was designed to be self-descriptive 
•XML is a W3C Recommendation 

XML and HTML were designed with different goals: 

•XML was designed to carry data - with focus on what data is 
•HTML was designed to display data - with focus on how data 
looks 

•XML tags are not predefined like HTML tags are 


XML does NOT do anything 


Maybe it is a little hard to understand, but XML does not DO anything. 
This note is a note to Tove from Jani, stored as XML: 


<note> 

<to>Tove</to> 

<from>Jani</from> 
<heading>Reminder</heading> 

<^ody>Don't forget me this weekend!</body> 
</note> 


The XML above is quite self-descriptive: 

■ It has sender information. 

■ It has receiver information 

■ It has a heading 

■ It has a message body. 



XML Tree Structure 



□ □ o 




An Example XML 
Document 



<?xml version= n 1.0 n encoding="UTF-8"?> 
<bookstore> 

<book category= ,, cooking ,, > 

<title Iang= ,, en">Everyday Italian</title 
<authon>Giada De Laurentiis</author> 
<year>2005</year> 

< price >30. 00</price> 

</book> 

<book category= ,, children ,, > 

<title iang= ,, en">Harry Potter</title> 
<author>D K. Rowling</author> 
<year>2005</year> 

< price >29. 99</price> 

</book> 

<book category= ,, web"> 

<title iang= ,, en">Learning XML</title> 
<author>Erik T. Ray</author> 
<year>2003</year> 

< price >39. 95</price> 

</book> 

</bookstore> 






























Cisco IOS in XML 


Cutsheet 

radius server [AAA Server] 

address ipv4 [IPAddress] auth-port [Port #] acct-port [Port #] 
key [Level] [Encrypted Key] 

Actual Configuration 
radius server primary-tnistsec-radius 
address ipv4 10.0.0.1 auth-port 1812 acct-port 1813 
key 7 ABCDEF 
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Cradius xmlns="urn:ios"> 


<server> 

<id>primary-tmstsec-radiiis</id> 

<address> 

<ipv4> 

<acct-port>l 813</acct-port> 
<auth-port> 1812</auth-port> 
<host> 10.1.1. l</host> 
</ipv4> 

</address> 

<key> 

<type>7</type> 

<secret> ABCDEF</secret> 
</key> 


</radius> 


XML Syntax Rule 


XML Documents Must Have a Root Element 

XML documents must contain one root element that is the parent of all other elements 

<root> 

<child> 

< subchild > . </subchild> 

</child> 

</root> 

In this example <note> is the root element: 

< ?xml version="1.0" encoding="UTF-8"?> 

<note> 

<to>Tove</to> 

<f rom>Dani</f rom> 

<heading>Reminder</heading> 

<body>Don’t forget me this weekend! </body> 

</note> 



XML Namespace (prefixes) 

In XML, element names are defined by the developer. This often results in a conflict when 
trying to mix XML documents from different XML applications. 


Name conflicts in XML can easily be avoided using a name prefix. 


When using prefixes in XML, a namespace for the prefix must be defined. 

The namespace can be defined by an xmlns attribute in the start tag of an element. 
The namespace declaration has the following syntax, xmlns :prefix =" URI ". 


A Uniform Resource Identifier (URI) is a string of characters which identifies an 
Internet Resource. 

The most common URI is the Uniform Resource Locator (URL) which identifies an 
Internet domain address. Another, not so common type of URI is the Universal 
Resource Name (URN). 


What command(s) in XML template ? 



XMLTemplate 


CLI Template 


<config-template xmlns-"http://tail-f. com/ns/config/l.0‘‘> 

<deviees xmlns="http://tail-f.coni/ns/'ncs"> 

<device> 

<name>{/DevicesWname> 

<config> 

<ip xn»ln&—*http: //cisco. com/ned/asa"> 

<local> 

<pool> 

<id>{$Partner_site_code}-{$Country_Code}-poDl</id> 

<address>{$Address_pool_start}-{$Address_pool_end}</address> 

<mask>{$Address_pool_mask}</rfiask> 

</pool> 

</local> 

</ip> 


svl-gm-joe-asa-fwl 

ip local pool site-partner-pool 10.0.0.0-10.0,0.255 mask 255.255.255,0 
group-policy site-partner internal 
group-policy site-partner attributes 
address-pools value site-partner-pool 
vpn-simultaneous-logins 1 
exit 





QOS XML 


<policy-map xmlns="urn: ios"> 
<name>classify</name> 

<description>QoS 2.3.2-</desc ription> 
<class> 

<name>qos-scavenger</name> 

<set> 

<dscp> 

<value>8</value> 

</dscp> 

</set> 

</class> 

<class> 

<name>qos-medium-p rio rity</name> 
<set> 

<dscp> 

<value>16</value^ 

</dscp> 

</set> 

</class> 


<interface xmlns="urn: ios"> 
<GigabitEthernet> 
<name>l/0/l</name> 
<service-policy> 

<input>TRUST-MARKING</input> 

</service-policy> 

</GigabitEthernet> 

<TenGigabitEthernet> 

<name>l/l/l</name> 

<service-policy> 

<input>TRUST-MARKING</input> 

</service-policy> 

</TenGigabitEthernet> 

<Vlan> 

<name>10</name> 

<service-policy> 

<input>classify</input> 

</service-policy> 

</Vlan> 


Why XML is used in NSO ? 

The NSO Database is an XML database. 

All devices’ in NSO have their configuration stored in the XML Database 


All Data is stored in XML, and is in a hierarchy (see previous slides) 

You can see the XML and save it to a file, use it as a template, or use it to import the 
data into NSO ^ 


Remember username nso we create on XR3 



root@ncs# show running-config devices device xr3 config cisco-ios-xr:username | display xml 


<config xmlns= M http://tai1-f.com/ns/config/1.0"> 

<devices xmlns="http://tail-f.com/ns/mcs"> 

<device> 

<name>xr3</name> 

<config> 

<username xmlns= n http://tail-f.com/ned/cisco-ios-xr"> 
<name>nso</name> 

<password> 

<enc ryption>0</encryption> 
<password>nso</password> 

</password> 

</username> 

</config> 

</device> 

</devices> 

</config> 
root@ncs# 





How to write configuration command in XML 
IOS Command 


root@ncs# 

root@ncs# config t 

Entering configuration mode terminal 

root@ncs(config)# devices device xe2 config ios:username xml 
root@ncs(config-config)# commit dry-run outformat xml 
result-xml { 

local-node { 

data <devices xmlns="http://tail-f.com/ns/ncs"> 

<device> 

<name>xe2</name> 

<config> 

<username xmlns="urn:ios"> 

<name>xml</name> 

<password> 

<secret>xml</secret> 



</password> 

</username> 

</config> 

</device> 
</devices> 


root@ncs(config-config)# 


password xml 




How to write configuration command in XML 
IOS-XR Command 


root@ncs# 

root@ncs# config t 

Entering configuration mode terminal 

root@ncs(config)# devices device xr3 config cisco-ios-xr:username xml password 0 xml 
root@ncs(config-un)# commit dry-run outformat xml 
result-xml { 

local-node { 

data <devices xmlns="http://tai1-f.com/ns/ncs"> 

<device> 



<name>xr3</name> 

<config> 

<username xmlns="http://tail-f.com/ned/cisco-ios-xr"> 
<name>xml</name> 

<password> 

<encryption>0</encryption> 

<password>xml</password> 

</password> 

</username> 

</config> 

</device> 

</devices> 


root@ncs(config-un)# 



XML in NSO 


• NSO Stores and represents its Database in XML 

• XMLisNSO’s ‘Native’Language 

• While we rarely interact directly with XML in NSO, its very important to 
understand how NSO is representing and navigating the data 

• Our service packages will leverage XML configuration templates 

• We pass variable into XML to generate config for our designs 

• Knowing XML makes troubleshooting much easier 
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NSO Service Package 




YANG 


Input Parameters 





Configuration 




Configuration 
Templates / Logic 


Converted to CLI and 
pushed to the device 


• Define input parameters (YANG) 

• Develop Cutsheet (CLI) 

• Map Input Parameters to cutsheet (XML) 

• Load into NSO 

• Test 




Build NSO Service - Transport 

• ncs-make-package -service-skeleton template bgl-test 

• Took out some dummy values, change into directory, remove xml 
template file for now, run make in src folder, and then packages reload 


root@debian:/home/test/ncs-run-bootcamp# 
root@debian:/home/test/ncs-run-bootcamp# 1s 

logs ncs-cdb ncs.conf packages README.ncs scripts state storedstate target 
root@debian:/home/test/ncs-run-bootcamp# cd packages 

root@debian:/home/test/ncs-run-bootcamp/packages# ncs-make-package --service-skeleton template transport 

root@debian:/home/test/ncs-run-bootcamp/packages# 

root@debian:/home/test/ncs-run-bootcamp/packages# 1s 

cisco-ios-cli-6.24 cisco-iosxr-cli-7.12 transport 

root@debian:/home/test/ncs-run-bootcamp/packages# 

root@debian:/home/test/ncs-run-bootcamp/packages# 
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Network Service : Transport 







Network Service : Transport 
Device Router - OSPF - LDP - RSVP 













Service YANG data model - transport.yang 


root@debian:/home/test/ncs-run-bootcamp/packages# 

root@debian:/home/test/ncs-run-bootcamp/packages# 1s 

cisco-ios-cli-6.24 cisco-iosxr-cli-7.12 transport 

root@debian:/home/test/ncs-run-bootcamp/packages# 

root@debian:/home/test/ncs-run-bootcamp/packages# cd transport 

root@debian:/home/test/ncs-run-bootcamp/packages/transport# Is -al 

total 24 

drwxr-xr-x 5 root root 4096 Jul 7 19:06 . 

drwxr-xr-x 5 root root 4096 Jul 7 19:06 .. 

-rw-r--r— 1 root root 376 Jul 7 19:06 package-meta-data.xml 

drwxr-xr-x 3 root root 4096 Jul 7 19:06 src 

drwxr-xr-x 2 root root 4096 Jul 7 19:06 templates 

drwxr-xr-x 3 root root 4096 May 21 00:07 test 

root@debian:/home/test/ncs-run-bootcamp/packages/transport# cd src 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/src# Is -al 
total 16 

drwxr-xr-x 3 root root 4096 Jul 7 19:06 . 

drwxr-xr-x 5 root root 4096 Jul 7 19:06 .. 

-rw-r--r-- 1 root root 722 Jul 7 19:06 Makefile 

drwxr-xr-x 2 root root 4096 Jul 7 19:06 yang 

root@debian:/home/test/ncs-run-bootcamp/packages/transpo^t/src# cd yang 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# Is -1 
total 4 

-rw-r--r-- 1 root root 587 Jul 7 19:06 transport.yang 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# cp transport.yang /mnt/Users/htjun/ 
python/bootcamp/transport.yang 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# 1s /mnt/Users/htjun/python/bootcamp 

/ 

add-device-to-nso transport.yang xrl-initial.py xr4-initial.py 

transport-tempi ate.xml xe2-initial.py xr3-initial.py 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# | 




Edit transport.yang 


transport-l.yang 

device-ospf-ldp-rsvp-intf 

transport-2.yang 
optimized "when" 

transport-3.yang 

optimized intf leafref 


^transport.yang - Visual Studio Code 


File 

Edit 

Selection View Go Debug Tasks Help 


Untitled-1 • * xr3-initiaLpy =- transport.yang H 

1 

module transport { 


2 

namespace "http : //com/example/transport" ; 

P 

3 

prefix transport; 


4 


V 

5 

import ietf-inet-types { 

6 

prefix inet; 

XTN 

7 

> 


8 

import tailf-ncs { 


9 

prefix ncs; 

ES 

10 

11 

> 


12 

list transport { 


13 

key name; 


14 



15 

uses ncs:service-data; 


16 

ncs:servicepoint "transport"; 


17 



18 

leaf name { 


19 

type string; 


20 

> 


21 



22 

// may replace this with other ways of refering to the devices. 


23 

leaf-list device { 


24 

type leafref { 


25 

path ,r /ncs :devices/ncs :device/ncs:name"; 


26 

> 


27 

> 


28 



29 

// replace with your own stuff here 


30 

leaf dummy { 


31 

type inet:ipv4-address; 


32 

} 


33 

} 


34 

> 



Study transport-l.yang 
Copy transport-l.yang to transport.yang 
Device Router 
OSPF - LDP - RSVP 
Interface List 
Modify Makefile 
Compile 


root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# 1s -1 
total 8 

-rw-r--r-- 1 root root 6401 Jul 7 20:15 transport.yang 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# cp /mnt/Users/htjun/python/bootcam 
/transport-1.yang transport.yang 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# cd .. 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/src# 1s -1 
total 8 

-rw-r--r-- 1 root root 722 Jul 7 19:06 Makefile 

drwxr-xr-x 2 root root 4096 Jul 7 19:06 yang _ _ _ _ _ 



Modify Makefile - from file add-Makefile.txt 


rootedebian:/home/test/ncs-run-bootcamp/packages/transport/src# 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/src# 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/src# nano Makefi1e 


GNU nano 2.2.6File: Makefile 


al1: fxs 
.PHONY: all 

# Include standard NCS examples build definitions and rules 
include $(NCS_DIR)/src/ncs/bui1d/include.ncs,mk 

SRC = $(wildcard yang/*.yang) 

DIRS = ../load-dir 

FXS = $(SRC:yang/%.yang=../load-dir/%.fxs) 

## Uncomment and patch the line below if you have a dependency to a NED 
## or to other YANG files 

# YANGPATH += ../../<ned-name>/src/ncsc-out/modules/yang \ 

# ../../<pkt-name>/src/yang 

YANGPATH += ../../cisco-iosxr-cli-7.12/src/ncsc-out/modules/yang 
YANGPATH += ../../cisco-ios-cli-6.24/src/ncsc-out/modules/yang 





Compile 


root@debian:/home/test/ncs-run-bootcamp/packages/transport/src# 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/src# make 
mkdi r -p ../load-dir 

/home/test/NSO-BOOTCAMP/bin/ncsc Is transport-ann.yang > /dev/null 2>&1 && echo "-a transport-ann.yan 

g"' \ 

--yangpath ../../cisco-iosxr-cli-7.12/src/ncsc-out/modules/yang --yangpath ../../cisco-ios- 
cli-6.24/src/ncsc-out/modules/yang -c -o ../load-dir/transport.fxs yang/transport.yang 
../../cisco-ios-cli-6.24/src/ncsc-out/modules/yang/tailf-ned-cisco-ios.yang:129437: warning: when tailf: 
cl 1-drop-node-name is given, it is recommended that tailf:cli-suppress-mode is used in combination, usin 
g tailf:c"li-drop-nodename in a list child without using tailf:cli-suppress-mode on the list, might lead 
to confusing behaviour, where the user enters the submode without being able to give further configurati 
on. 

../../cisco-ios-cli-6.24/src/ncsc-out/modules/yang/taiIf-ned-cisco-ios.yang:139272: warning: when tailf: 
cli-drop-node-name is given, it is recommended that tailf:cli-suppress-mode is used in combination, usin 
g tailf:cli-drop-nodename in a list child without using tailf:cli-suppress-mode on the list, might lead 
to confusing behaviour, where the user enters the submode without being able to give further configurati 
on. 


../../cisco-iosxr-cn-7.12/src/ncsc-out/modules/yang/taiIt-ned-cisco-ios-xr.yang:83407: warning: when ta 
ilf:cli-drop-node-name is given, it is recommended that tailf:cli-suppress-mode is used in combination, 
using tai1f:cli-drop-nodename in a list child without using tai1f:cli-suppress-mode on the list, might 1 
ead to confusing behaviour, where the user enters the submode without being able to give further configu 
rati on. 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/src# 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/src# 







Package Reload 


root@ncs# show packages package oper-status up 

NAME UP 


cisco-ios-cli-6.24 X 
cisco-iosxr-cli-7.12 X 


root@ncs# packages reload 
»> System upgrade is starting. 

»> Sessions in configure mode must exit to operational mode. 
»> No configuration changes can be performed until upgrade has 
»> System upgrade has completed successfully, 
reload-result { 

package cisco-ios-cli-6.24 
result true 

} 

reload-result { 

package cisco-iosxr-cli-7.12 
result true 

} 

reload-result { 

package transport ^ 

result true 

} 

root@ncs# 

System message at 2019-07-07 20:32:11... 

Subsystem stopped: ncs-dp-l-cisco-ios-cli-6.24:IOSDp 
root@ncs# 

System message at 2019-07-07 20:32:11... 

Subsystem started: ncs-dp-2-cisco-ios-cli-6.24:lOSDp 
root@ncs# 


completed. 


rootOncs# show packages package oper-status up 


NAME UP 


cisco-ios-cli-6.24 X 
cisco-iosxr-cli-7.12 X 
transport X 







Pyang -f tree transport.yang 


root@debian:/home/test/ncs-run-bootcamp/packages/transport/src/yang# pyang -f tree transport.yang > /mn 
t/Users/htjun/python/bootcamp/pyang-tree-transport.txt 


File Edit Selection View Go Debug Tasks Help 



=■ transportyang 


tra ns port-temp I ate.xml 


=- transport-5.yang 


=■ transport-1.yang 


=■ pyang-tree-transport.txt 





module: transport 


TE i 1 — 

2 

+- 

-rw transport* [name] 


iifcj 

3 


+--rw name 

string 


4 


+--rw device? 

-> /ncs:devices/device/name 

5 


+--rw ospf-domain? 

enumeration 


6 


+--rw Idp? 

boolean 


7 


+--rw rsvp? 

boolean 


8 


+--rw single 



9 


+--rw single-id? 

int32 


10 


+--rw Loopback-xr* [Loopback-xr] 


11 


+--rw Loopback-xr -> 

deref(./device)/../ncs:config/cisco-ios-xr:interface/Loopback/id 

12 


+--rw Loopback* [Loopback] 



13 


+--rw Loopback -> deref./device)/../ncs:config/ios:interface/Loopback/name 

14 


+--rw GigabitEthernet-xr* 

[GigabitEthernet-xr] 

15 


+--rw GigabitEthernet-xr -> deref 

/../device)/../ncs:config/cisco-ios-xr:interface/Gigabitl , 

16 


+--rw GE-ospf-type-xr? 

enumeration 


17 


+--rw GigabitEthernet* [GigabitEthernet] 


18 


+--rw GigabitEthernet 

-> deref(../../.. 

/device)/../ncs:config/ios:interface/GigabitEthernet/nam< 

19 


+--rw GE-ospf-type? 

enumeration 


20 


+--rw TenGigE-xr* [TenGigE 

-xr] 


21 

—i 


+--rw TenGigE-xr 

-> deref(../.. 

/../device)/../ncs:config/cisco-ios-xr:interface/TenGigE 











WebUI Service Manager > transport service name 


4r O (D Not secure | 192.168.56.200:8080/webui-one/ServiceManager Gt O 

Apps Space: NSO Develo... c'm Space: NSO Softwar... tkfi Network Services O... © Index of/ncs-pkgs/... » 


.i|i.i|i. Service manager 
CISCO 


VERSIONS..1.1 


root 


■ 


Select s ervice point.... ▼ 
j Select service point... 


0/0 


transport 


No services in list 


4- 0 A Not secure 

::: Apps Space: NSO Develo.. 


1 92.168.56.200:8080/webui-on e/Configuration Ed itor/tra ns port:trans... Q 'fr 

Space: NSO Softwar... 


CISCO 


CISCO Network Services 0... © Index of /ncs-pkgs/... 


» 


■ * 11 ■ 1 1 1 ■ Configuration editor 

CISCO 


VERSIONS. 1.1 


View options 


root 


A t_ /transport:transport/ 


transport:transport Q 


□ 

name 

Idp 

rsvp 

1 ° 

transport-xrl 

false 

false 


©o 



























WebUI Service Manager > transport-xrl 

<- -> C A Not secure 192.168.56.200:8080/webui-one/ConfigurationEditor/transport:trans... Q, & 


:*■ Apps ft Space: NSO Develo... 


(is'J* Space: NSO Softwar... [1-''! Network Services 0... 0 Index of/ncs-pkgs/... 


Q | O : 

» 


■ 1 1 1■ 1 1 1■ Configuration editor 

CISCO VERSIONS. 1.1 


| View options 


root 






















<- 

::: Apps 

O A Not secure 

am Space: NSO Develo... 

192.168.56.200:8080/webui-one/ConfigurationEditor/transport:transport%7Btransport-xr1%7D 

ai'ii Space: NSO Softwar... nin Network Services 0... Q Index of/ncs-pkgs/... Q ASR 9000 Technical... 

€1 

☆ 9 I 

O : 

» 

..I..ih. 

CISCO 

Configuration editor 

VERSION: 5.1.1 

CXD 

a~) 

View options t 

root t 

A t_ /transport:transport{transport-xrl}/ 






















<- O A Not secure | 192.168.56.200:8080/webui-one/ConfigurationEditor/transport:transport%7Btransport-xr1%7D 

Apps cim Space: NSO Develo... ci»« Space: NSO Softwar... ;&jp Network Services O... © Index of /ncs-pkgs/... Q ASR 9000 Technical. 




» 


.i|i.i|i. Configuration editor 
CISCO 


VERSIONS. 1.1 


View options 


root 


A t /tran sport: trans po rt{tran sport-xr l}/ 



Loopback-xr 



□ 

Loopback-xr 


1 

l n 

0 





dDGO 

GigabitEthernet-xr 




n 

GigabitEthernet-xr 

G E-os pf-type-xr 




□ 

o/o/o/o 

point-to-point 




□ 

0/0/0/1 

point-to-point 
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<- O A Not secure 192.168.56.200 8080/webui-one/CommitManager 
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ill Apps c,s<« Space: NSO Develo... iim Space: NSO Softwar... asln Network Services O... Q Index of /ncs-pkgs/... Q ASR 9000 Technical... 


» 


■'1 1 ■ 1 1 1 ■ Commit manager 

CISCO VERSIONS. 1.1 


root t 


Current transaction is VALID 


c 


Revert 



Load/Save 
























show run devices device xrl | display xpath 


root@ncs# show running-config devices device xrl | display xpath 
/devices/device[name='xrl']/address 198.18.1.21 
/devices/device[name='xrl']/port 23 
/devices/device[name= , xrl']/authgroup cisco 

/devices/device[name='xrl 1 ]/device-type/cli/ned-id cisco-iosxr-cli-7.12 
/devices/device[name='xrl']/device-type/cli/protocol telnet 
/devices/device[name=' xrl']/state/admin-state unlocked 

/devices/device[name='xrl']/config/cisco-ios-xr:admin/username[name=‘cisco' ]/group[name='root-system'] 
/devices/device[name='xrl']/config/cisco-ios-xr:admin/username[name='cisco']/secret/encryption 5 
/devices/device[name='xrl']/config/cisco-ios-xr:admin/username[name='cisco']/secret/password $l$3Pbk$i66 
GKKNvpaAL0/07tAodE0 

/devices/device[name='xrl 1 ]/config/cisco-ios-xr:hostname XR-1 

/devices/device[name='xrl']/config/cisco-ios-xr:rcp/client/username cisco 

/devices/device[name='xrl 1 ]/config/cisco-ios-xr:rcp/client/source-interface/GigabitEthernet 0/0/0/4 
/devices/device[name='xrl 1 ]/config/cisco-ios-xr:telnet/ipv4/client/source-interface/MgmtEth O/O/CPUO/O 
/devices/device[name='xrl']/config/cisco-ios-xr:telnet/vrf[name= l default']/telnet-server-list[af='ipv4 f ] 
/server/max-servers 5 

/devices/device[name=' xr 1 1 ] /config/cisco-ios-xr:cdp 

/devices/device[name='xrl']/config/cisco-ios-xr:1ine/console/exec-timeout/minutes 0 

/devices/device[name='xrl']/config/cisco-ios-xr:1ine/console/exec-timeout/seconds 0 

/devices/device[name='xrl']/config/cisco-ios-xr:ipv4/unnumbered/mpls/traffic-eng/Loopback 0 

/devices/device[name='xrl']/config/cisco-ios-xr:snmp-server/community[name='cisco']/RO 

/devices/device[name='xr1']/config/cisco-ios-xr:interface/Loopback[id= 1 0']/ipv4/add ress/ip 1.1.1.1 

/devices/device[name='xrl']/config/cisco-ios-xr:interface/Loopback[id='0']/ipv4/address/mask 255.255.25 5 

.255 

/devices/device[name='xrl']/config/cisco-ios-xr:interface/MgmtEth[id='O/O/CPUO/O']/ipv4/address/ip 198.1 
8.1.21 

/devices/device[name='xrl']/config/cisco-ios-xr:interface/MgmtEth[id='O/O/CPUO/O']/ipv4/address/mask 255 
.255.255.0 

/devices/device[name='xrl']/config/cisco-ios-xr:interface/GigabitEthernet[id='0/0/0/0 1 ]/ipv4/address/ip 



show run devices device xe2 | display xpath 





NSO CLI - create service > transport-xe2 


root@ncs# config t 

Entering configuration mode terminal 
Current configuration users: 

root http (webui from 192.168.56.1) on since 2019-07-07 20:37:38 terminal mode 
root@ncs(config)# transport ? 

% No entries found 
Possible completions: 

Transport Name 

root@ncs(config)# transport transport-xe2 ? 

Possible completions: 
check-sync 
commit-queue 
deep-check-sync 
device 

get-modifications 
1 dp 
log 

ospf-domain 
re-deploy 

reactive-re-deploy 
rsvp 
touch 
un-deploy 
<cr> 

root@ncs(config)# transport transport-xe2 



Check if device config is according to the service 

Check if device config is according to the service 
Transport device 

Get the data this service created 
LDP Enabled 

OSPF Domain 

Run/Dry-run the service logic again 
Reactive re-deploy of service logic 
RSVP Enabled 

Mark the service as changed 
Undo the effects of the service 



Service XML template - transport-template.xml 


root©debian:/home/test/ncs-run-bootcamp/packages/transport# 
root@debian:/home/test/ncs-run-bootcamp/packages/transport# Is -1 
total 16 

-rw-r—r-- 1 root root 376 Jul 7 19:06 package-meta-data.xml 

drwxr-xr-x 3 root root 4096 Jul 7 19:06 src 

drwxr-xr-x 2 root root 4096 Jul 7 19:06 templates 

drwxr-xr-x 3 root root 4096 May 21 00:07 test 

root@debian:/home/test/ncs-run-bootcamp/packages/transport# cd tempiates 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/templates# Is -1 
total 4 

-rw-r—r-- 1 root root 737 Jul 7 19:06 transport-tempi ate.xml 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/templates# | 


root^debi an:/home/test/ncs-run-bootcamp/packages/transport/temp Iates# Is /mnt/Users/htjun/python/bootcam 
P/ 

add-device-to-nso xe2-initial.py xrl-initial.py xr3-initial.py xr4-initial.py 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/templates# cp transport-tempi ate.xml /mnt/Use 
rs/htj un/python/bootcamp/transport-template.xml 

root@debian:/home/test/ncs-run-bootcamp/packages/transport/templates# 1s /mnt/Users/htjun/python/bootcam 
P/ 

add-device-to-nso xe2-initial.py xr3-initial.py 

transport-tempi ate.xml xrl-initial.py xr4-initial.py 
root@debian:/home/test/ncs-run-bootcamp/packages/transport/tempiates# 





Edit transport-template.xml 


transport-template-l.xml 

ospf 

transport-template-2.xml 
ospf + Idp 

transport-template-3.xml 
ospf + Idp + rsvp 


*J transport-template.xml - Visual Studio Code 
File Edit Selection View Go Debug Tasks Help 


% 

=- Untitled-1 

• 


xr3-initial.py =- transport.yang ^ transport-template.xml X 

1 

<config-template xmlns="http://tail-f .com/ns/config/1.0" 

p 

2 




servicepoint="transpont ,, > 

3 

<devices xmlns="http ://tail-f.com/ns/ncs"> 


4 



<device> 

¥ 

5 




<! 

-- 

6 





Select the devices from some data structure in the service 


7 





model. In this skeleton the devices are specified in a leaf-list. 


8 





Select all devices in that leaf-list: 


9 




-- 

> 

K 

10 

11 




<name>{/device}</name> 

<config> 


12 





<!-- 


13 





Add device-specific parameters here. 


14 





In this skeleton the service has a leaf "dummy"; use that 


15 





to set something on the device e.g.: 


16 





<ip-address-on-device>{/dummy}</ip-address-on-device> 


17 





--> 


18 




</config> 


19 



</device> 


20 

</devices> 


21 

</config-template> 


22 








NSO WebUI > Service Manager > transport > lxr, 2xe, 3xr, 4xr 


Service manager 

CISCO 


VERSIONS.!. 1 




root t 


transport 


0/4 


check-sync 

re-deploy 

re-deploy dry-run 

check-sync = 

re-deploy = 

re-deploy dry-run 

■ 

check-sync = 

re-deploy = 

re-deploy dry-run 

1 

check-sync = 

re-deploy 

re-deploy dry-run 

1 

check-sync = 

re-deploy 

re-deploy dry-run 



devices 

1 

1 

1 

1 






















NSO WebUI > Service Manager > transport > lxr, 2xe, 3xr, 4xr 


Configuration editor 

CISCO VERSIONS. 1.1 


View options T root T 













NSO WebUI > Service Manager > transport > lxr, 2xe, 3xr, 4xr 


Configuration editor 

CISCO VERSIONS. 1.1 


View options 


root t 


^ t_ /transport:transport{1xr}/ 


Loopback-xr 


□ 

Loopback-xr 

□ 

0 


(JD0O 


GigabitEthernet-xr ^ 


□ 

GigabitEthernet-xr 

GE-ospf-type-xr 

□ 

o/o/o/o 

point-to-point 

□ 

0/0/0/1 

point-to-point 

□ 

0/0/0/3 

point-to-point 


@80 
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Network Service : VPN 











Network Service : Transport 
bgp-vpnv4 / bgp-vrf / intf-vrf / rsvp 













Build NSO Service - VPN 


root@debian:/home/test# 

root@debian:/home/test# cd ncs-run-bootcamp/packages/ 
root@debian:/home/test/ncs-run-bootcamp/packages# Is -1 
total 12 

drwxr-xr-x 8 9001 users 4096 May 21 20:06 cisco-ios-cli-6.24 

drwxr-xr-x 9 9001 users 4096 May 30 17:30 cisco-iosxr-cli-7.12 

drwxr-xr-x 6 root root 4096 Jul 7 20:26 transport 

root@debian:/home/test/ncs-run-bootcamp/packages# 

rootOdebian:/home/test/ncs-run-bootcamp/packages# ncs-make-package --service-ske 
leton template vpn 

root@debian:/home/test/ncs-run-bootcamp/packages# 
root@debian:/home/test/ncs-run-bootcamp/paekages# Is -1 
total 16 

drwxr-xr-x 8 9001 users 4096 May 21 20:06 cisco-ios-cli-6-24 

drwxr-xr-x 9 9001 users 4096 May 30 17:30 cisco-iosxr-cli-7.12 

drwxr-xr-x 6 root root 4096 Jul 7 20:26 transport 

drwxr-xr-x 5 root root 4096 Jul 8 20:20 vpn 

root@debian:/home/test/ncs-run-bootcamp/packages# M _ 



Edit vpn.yang - Edit Makefile - Compile vpn.yang 


root@debian:/home/test/ncs-run-bootcamp/packages/vpn/src/yang# 1s 
vpn.yang 

root@debian:/home/test/ncs-run-bootcamp/packages/vpn/src/yang# cp /mnt/users/htj 
un/python/bootcamp/vpn-1.yang vpn.yang 

root@debian:/home/test/ncs-run-bootcamp/packages/vpn/src/yang# cd .. 
root@debian:/home/test/ncs-run-bootcamp/packages/vpn/src# nano Makefi1e 


| GNU nano 2.2.6 


File: Makefile 


al 1: fxs 
.PHONY: all 

# Include standard NCS examples build definitions and rules 
include $(NCS_DIR)/src/ncs/bui1d/include.ncs.mk 

SRC = $(wildcard yang/*.yang) 

DIRS = ../load-dir 

FXS = $(SRC:yang/%.yang=../load-dir/%.fxs) 

## Uncomment and patch the line below if you have a dependency to a NED 
## or to other YANG files 

# YANGPATH += ../../<ned-name>/src/ncsc-out/modules/yang \ 

# ../../<pkt-name>/src/yang 

YANGPATH += ../../cisco-iosxr-cli-7.12/src/ncsc-out/modules/yang 
YANGPATH += ../../cisco-ios-cli-6.24/s rc/ncsc-out/modules/yang 

NCSCPATH = $(YANGPATH:%=--yangpath %) 

YANGERPATH = $(YANGPATH:%=--path %)_ 


File Edit Selection View Go Debug Tasks Help 


vpn.yang 


& 

^ vpn-l.xml 

=■ vpn-l.yang X 

21 


II ■ 

-list VPN--- 

p 

22 


list vpn { 

23 



key "name"; 


24 



uses ncs:service-data; 


25 

26 



ncs:servicepoint "vpn"; 


27 

0 


leaf name { 

(§) 

33 



} 


34 

0 


leaf service-type { 

E 

43 

44 

0 


} II leaf service-type 

list service-list { 


53 



}// list customer 


54 





55 


11 ■ 

-CONTAINER BGP-VPN- 


56 

0 


container bgp-vpn { 


91 



}//container bgp-vpn 


92 





93 


II ■ 

-CONTAINER NETWORK SLICE L3VPN- 


94 

0 


container network-slice-13vpn { 


231 



}/ /container network-slice-13vpn 


232 



1 


233 


II ■ 

-end- 


234 


}// list vpn 


235 


}// 

module vpn 


236 














vpn-template.xml 


^ vpn 

-1.xml X 

=■ vpn-l.yang 


1 


<config-template xmlns="http : //tail-f.com/ns/config/1. 0" 


2 



senvicepoint="vpn' , > 


3 


<devices xmlns="http://tail-f .com/ns/ncs 1 ^ 


4 


<! — 


— 

5 

£ 



BGP-VPN 

V 

D 

7 

El 

<! ■ 

-RR-{/bgp-vpn/rr[l]/rr-device}- 

— -y 

224 

El 

<! ■ 

-RR-CLIENT-{/bgp-vpn/rn-client[l]/rr-client-device}-XR-- 


294 

El 

<! ■ 

-RR-CLIENT-{/bgp-vpn/rr-client[2]/rr-client-device}-XR-- 

--->■■ 

364 

El 

<! ■ 

-RR-CLIENT-{/bgp-vpn/rr-client[3]/rr-client-device}-XR-- 


434 

El 

<!- 

-RR-CLIENT-{/bgp-vpn/rr-client[4]/rr-client-device}-XR-- 


505 

E) 

<!- 

-RR-CLIENT-{/bgp-vpn/rr-client[l]/rr-client-device}-IOS- 

--->■■ 

599 

E) 

<!- 

-RR-CLIENT-{/bgp-vpn/rr-client[2]/rr-client-device}-I0S- 


693 

El 

<! ■ 

-RR-CLIENT-{/bgp-vpn/rr-client[3]/rr-client-device}-I0S- 


787 

El 

<! ■ 

-RR-CLIENT-{/bgp-vpn/rr-client[4]/rr-client-device}-I0S- 


882 


<! — 


— 

883 



L3VPN 


884 




---> 

885 


<!- 



886 



NODE LIST L3VPN 


887 


— 

-> 


888 

El 

<! ■ 

-XR /network-slice-13vpn/node-list-13vpn[l]— 


1140 

El 

<! ■ 

--XR /netwonk-slice-13vpn/node-list-13vpn[2] — 


1392 

El 

<! ■ 

-XR /netwonk-slice-13vpn/node-list-13vpn[3]— 


1645 

E) 

<!- 

-XR /network-slice-13vpn/node-list-13vpn[4]— 


1899 

El 

<!- 

-IOS /netwonk-slice-13vpn/node-list-13vpn[l]— 


2136 

El 

<!- 

-IOS /netwonk-slice-13vpn/node-list-13vpn[2]— 





































Network Service : Transport 
bgp-vpnv4 / bgp-vrf / intf-vrf / rsvp 












Service-Manager > vpn > service-id-name 


. 1 1 1 . 1 1 1 . Configuration editor 

CISCO VERSIONS. 1.1 


View options 


root ▼ 


t_/ v P n:v P n { service ~id-nanne}/ 



□ 

service-id 

service-name 

□ 

100 

autocar 

□ 

101 

bmw 

□ 

102 

google 

□ 

500 

5g 

□ 

501 

5g-control 

□ 

502 

5g-user 


C 'k Commit 
manager 


E Configuration 
editor 


B 


Dashboard 


D Device 
manager 


S Service 
manager 


cn)e o 

v 




















Service-Manager > bgp-vpnv4 > bgp-vpn 


• 11 • •«I * • Configuration editor 

CISCO VERSIONS.!.1 


Configuration editor 

CISCO VERSIONS 1.1 



























Service-Manager > vpn > 5g > network-slice-!3vpn 


Configuration editor 

CISCO 


VERSION: 5.1.1 


View options 


root t 


h t_ /vpn:vpn/ 



vpn:vpn 


□ 

name 

service-type 

□ 

59 

network-slice-l3vpn 

□ 

bgp-vpnv4 

bgp-vpn 

□ 

service-id-name 



©O 











Service-Manager > vpn > 5g > node-list-l3vpn 

• 1 1 1 • 1 1 1 • Configuration editor 

cisco VERSIONS. 1.1 


A t_/vpn:vpn{5g}/[ 



node 

-Iist-I3vpn 


□ 

node-name-l3vpn 

node-l3vpn 

□ 

5g-xe2 

xe2 

□ 

5g-xr1 

xrl 


@0O 






















Service-Manager > vpn > 5g > node-list-!3vpn[5g-xe2] > node-slice-!3vpn 


. 1 1 1 . 1 1 1 . Configuration editor 

CISCO VERSIONS. 1.1 


View options 


root ▼ 


^ t. /vpn:vpn{5g}/network-slice-!3vpn/node-list-l3vpn{5g-xe2}/ 


node-name-l3vpn 

5g-xe2 






node-l3vpn 

£ O 


xe2 

T 



node-slice-!3vpn 


□ 

node-slice-name-l3vpn 

link-interface-id-l3vpn-ios 

bandwidth-bps-l3vpn 

Iink-vlan-id-l3vpn 

Iink-ipv4-address-l3vpn 

Iink-ipv4-mask-l3vpn 

routing-protocol-to-ce 

□ 

5g-control 

6 

50000000 

501 

5.2.1.1 

24 

connected 


©o 





























RSVP TE Steering > RSVP-hop-list-l3vpn 


• 1 1 1 •' I ■ • Configuration editor 

cisco VERSION: 5.1.1 


^ t_ /vpn:vpn{5g}/ 



name ^ 

5g 



service-type qj 

network-slice-l3vpn ▼ 




nptwork slicp Rvnn/ * 




network-slice-id-l3vpn ^ Q 

500 



rsvp-te-steering-l3vpn ^ Q 

true ▼ 



flj t- /vpn:vpn{5g}/network-slice-l3vpn/rsvp-te-l3vpn/rsvp-list-l3vpn{5g-xr1 -to-xe2}/ 




















































Before RSVP-TE Steering from xrl to xe2 (direct hop) 

RP/0/0/CPU0:XR-l#trace vrf 500 5.2.1.1 
Wed Jul 10 09:10:55.822 UTC 

Type escape sequence to abort. 

Tracing the route to 5.2.1.1 

1 5.2.1.1 0 msec * 0 msec 

RP/0/0/CPU0:XR-1# 


After RSVP-TE Steering from xrl to xe2 via 1 > 3 > 4 > 2 

RP/0/0/CPU0:XR-l#trace vrf 500 5.2.1.1 
Wed Jul 10 09:06:10.691 UTC 


Type escape sequence to abort. 
Tracing the route to 5.2.1.1 


1 

2 

3 


99.1.3.3 

99.3.4.4 


MPLS: Labels 24000/24 Exp 0] 9 msec 
MPLS: Labels 24000/24 Exp 0] 9 msec 


5.2.1.1 9 msec * 9 msec 


RP/O/O/CPUO:XR-1# 


9 msec 
9 msec 


0 msec 
9 msec 
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Network Service : Redeploy 







Device Manager > check sync 


Device manager 

CISCO VERSION :5.1.1 



4 / 4 


□ 

name 

address 

port 

type 

Q 

xe2 

198.18.1.22 

23 

cisco-ios-cli-6.24:cisco-ios-cIi-6.24 

□ 

xrl 

198.18.1.21 

23 

cisco-iosxr-cli-7.12:cisco-iosxr-cli-7.12 

Q 

xr3 

198.18.1.23 

23 

cisco-iosxr-cli-7.12:cisco-iosxr-cli-7.12 

□ 

xr4 

198.18.1.24 

23 

cisco-iosxr-cli-7.12:cisco-iosxr-cli-7.12 


services ping 


ping 

ping 

ping 

ping 


connect 


alarm 


connect 

connect 

connect 


check-sync sync-from sync-to 


check-sync 

Y 

sync-from = 

sync-to 

Y 







check-sync 

Y 

sync-from = 

sync-to 

Y 







check-sync 

Y 

sync-from = 

sync-to 

Y 







check-sync 

Y 

sync-from = 

sync-to 

Y 



configuration 

configuration 

configuration 

configuration 

configuration 


connect 





























Device Manager > sync-from then > check-sync again 



Device manager 


root t 

CISCO 

VERSION:5.1.1 



OOi 

^ 4 / 4 


+Add filter ^ 


name address port type services ping connect check-sync sync-from sync-to alarm configuration 


Q xe2 198.18.1.22 23 cisco-ios-cli-6.24:cisco-ios-cli-6.24 1 

ping 

connect 

check-sync = 

sync-from = 

sync-to 

T 

configuration 






Q xrl 198.18.1.21 23 cisco-iosxr-cli-7.12:cisco-iosxr-cii-7.12 1 

ping 

connect 

check-sync = 

sync-from = 

sync-to 

T 

configuration 






Q xr3 198.18.1.23 23 oisco-iosxr-cli-7.12:cisco-iosxr-cli-7.12 1 

ping 

connect 

check-sync = 

sync-from = 

sync-to 

T 

configuration 






Q xr4 198.18.1.24 23 cisco-iosxr-cli-7.12:cisco-iosxr-cli-7.12 1 

ping 

connect 

check-sync = 

sync-from =: 

sync-to 

T 

configuration 






























Service Manager > check-sync > re-deploy dry-run 


• 1 1 1 • 1 1 1 • 

Service manager 

* v 

root ▼ 

CISCO 

VERSIONS. 1.1 

* 


transport 

OO 4/4 




name devices check-sync re-deploy re-deploy dry-run 



Q Ixr 1 

Q 2xe 1 

Q 3xr 1 

Q 4xr 1 


check-sync 

= 

re-deploy 

▼ 

re-deploy dry-run EE 

check-sync 

▼ 

re-deploy 

▼ 

re-deploy dry-run = 

check-sync 

▼ 

re-deploy 

▼ 

re-deploy dry-run = 

check-sync 

▼ 

re-deploy 

= 

re-deploy dry-run = 


C Commit 
manager 


re-deploy dry-run, performed 2019-07-10 13:16:04 


devices { 
device xr4 { 
config { 

cisco-ios-xr:router { 
ospf 1 { 

redistribute { 
static { 

} 

} 

} 

} 

cisco-ios-xr:rsvp { 

+ interface GigabitEthernet0/0/0/0 { 

+ } 

+ interface GigabitEthernet0/0/0/1 { 

- L_ 

E Configuration D Dashboa rd H Device 

editor LJ L/ manager 





v 






















Service Manager > re-deploy > check-sync again 


Service manager 

CISCO 


VERSION :5.1.1 




root t 


transport 


OO 4/4 


name 
Q Ixr 
Q 2xe 

Q 3xr 
H 4xr 


devices 

1 

1 

1 

1 


check-sync 

re-deploy 

re-deploy dry-run 

check-sync = 

re-deploy = 

re-deploy dry-run = 

■ 

check-sync = 

re-deploy = 

re-deploy dry-run = 

■ 

check-sync = 

re-deploy = 

re-deploy dry-run = 

■ 

check-sync = 

re-deploy = 

re-deploy dry-run = 
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NSO REST AP 











What is REST API ? 



Building Blocks of NSO REST API 


Everything is within a hierarchy, beginning with 
‘LINUXHOSTNAME: 8080/api ’ 

Typical flow: 

• Choose REST API client (Postman, Bash curl, python requests, 
etc) 

• Choose a REST API URI (API URL path), see first bullet point 

• Choose a REST API Operation (Post, Get, Put, Delete, etc.) 

• Add authentication to the request (default is Basic Auth, 
admin/admin) 

• Send request and check status (200,400, 401 etc) and output 


Create - POST 
Read - GET 
Update -PUT 
Delete - DELETE 



REST API Key Components 


A working URI path (it looks like a website address) 

Necessary headers (like login credentials for auth, if want JSON response, add it) 
A way to deliver the rest call (use postman, curl, python requests) 


GET > Authentication 


GET v 

http://192.168.56.200:8080/a p i/co nfig/vpn/ 

Params 

| Send n 

I Save v 



Code 


Type Basic Auth 

► Read-Service L3VPN copy 


GET V http://192.168.56.200:8080/api/config/vpn/ 


Username 

Authorization# Headers (2) Body Pre-request Script 

Password 

Show Password 

Type Basic Auth 

Body Cookies Headers (7) Test Results 


Username root 

Pretty Raw Preview HTML v 

i 1’ <html> 

2 * <body> 

<hl>401 authentication needed</hl> 

4 </body> 

5 </httnl|> 

Password 

Show Password 


Tests 


The authorizatio 
added as a cust< 

Save help* 















GET > Headers > Content-Type -> Status 200 OK 


► Read-Service L3VPN copy Examples (0) ▼ 


GET v 

http://192.168.56.200:8080/api/config/vpn/ 


Pa rams | 

Send ^ 

Save 

Authorization # 

i 

Headers (2) Pre-request Script 

Tests 



Code 

Key 

Value 


Description 

Bulk 

«l* 

Edit 

Presets ▼ 


Q Authorization Basic cm9vdDp0ZXN0 

Q Content-Type application/vnd.yang.data+json 


Body 


Headers (7) 


Test Results 


Status: 200 OK Time: 279 ms 












GET > Read-VPN result (XML) 


GET V http://192.168.56.200:8080/api/config/vpn/ 


Pa rams 


Send 


Save 


Pretty Raw Preview XML V 


0 Q 


Save Response 


1 T <collection xmlns:y="http://tail-f . com/ns/rest" > 

2 T <vpn xmlns= ,, http://com/example/vpn"> 

3 <name>5g</name> 

4 <service-type> network-slice- 13vpn</service-type> 

5 ' r <network-slice-l3vpn xmlns="http ://com/example/vpn" > 

<network-slice-id-I3vpn>500</network-slice-id-I3vpn> 

<rsvp-te-steering-l3vpn>false</rsvp-te-steering-I3vpn> 

S'" <node-list-13vpn ximlns="http ://com/example/vpn"> 

<node-name-13vpn>5g-xe2</node-name-13vpn> 

10 </node-list-13vpn> 

11 T <node-list-13vpn xmlns="http ://com/example/vpn" > 

12 < nod e-n ame-13vpn > 5g-x r1< /nod e-n ame-13vpn > 

13 </node-list-l3vpn> 

14 </network-slice-l3vpn> 

15 T <y:operations> 

16 <check-sync >/api/config/vpn/5g/_operations/check- sync</check-sync> 

17 <deep-check-sync>/api/conf ig/vpn/5g/_operations/deep-check -sync</deep-check-sync> 

IS <re - deploy >/api/config/vpn/5g/_operations/re-deploy </re-deploy> 

19 <reactive-re-deploy >/api/config/vpn/5g/_operations/reactive-re-deployc/ reactive-re-deploy> 

20 <touch >/api/config/vpn/5g/_operations/touch</t ouch> 

21 <get-modifications> /api/config/vpn/5g/_operations/get-modification s</get-modifications> 

22 <un-deploy >/api/config/vpn/5g/_operations/un-deploy </un-deploy> 

23 </y:operations> 

24 </vpn> 









JSON Format 


root@ncs# show runmng-config vpn 5g | display json 

{ 

"data": { 

"vpn:vpn": 

{ 


’name": "5g", 


"service-type": "network-slice-13vpn", 
"network-slice-13vpn": { 

"network-slice-id-13vpn": 500, 

"rsvp-te-steering-13vpn": false, 

"node-1ist-13vpn": [ 

{ 

"node-name-13vpn": "5g-xe2", 

"node-13vpn": "xe2", 

"node-slice-13vpn": [ 

{ 

"node-slice-name-13vpn": "5g-control", 
"1ink-interface-id-13vpn-ios": "6", 
"bandwidth-bps-13vpn": "50000000", 

"1ink-vlan-id-13vpn": 501, 

"1ink-ipv4-address-l3vpn": "5.2.1.1", 
"1ink-ipv4-mask-l3vpn": 24 


'node-name-l3vpn": "5g-xrl", 

'node-13vpn": "xrl", 

'node-slice-13vpn": 

{ 

"node-slice-name-13vpn": "5g-control", 
"1ink-interface-id-13vpn": "0/0/0/5", 
"bandwidth-kbps-13vpn": "50000", 
"link-vlan-id-l3vpn": 501, 

"1ink-ipv4-address-l3vpn": "5.1.1.1", 
"link-ipv4-mask-13vpn": 24 


} 


Patch > vpn > 5g -> add more configuration 

► Patch-Service L3VPN 5G Examples (0) ▼ 


PATCH v 

http://192.168.56.200:8080/api/config/ 

Pa rams 

1 Send s 

| Save v 

Authorization 

Headers (2) Body • 

P re-req u est Scr i pt T ests 



Code 

form-data 

3 

x-www-f o r m -urlencoded 

■■node-iist-i3VDn": 1 

• raw binary Text v 





9 

10 

n 

12 

13 

14 

15 

16 
17 
IS 

19 

20 
21 
22 

23 

24 

25 

26 
27 
23 


{ 

"node-name-13vpn": "5g-xrl", 

"node-13vpn": "xrl", 

"node-slice-13vpn": [ 

{ 

"node-slice-name-l3vpn": "Sg-control", 
"link-interface-id-I3vpn": "0/0/0/5", 
"bandwidth-kbps-13vpn": 1000000 , 

"link-vian-id-13vpn": 501, 

"link-ipv4-address-13vpn": "1.5.1.1", 
"link-ipv4-mask-13vpn": 24 

L 

{ 

"node-slice-name-l3vpn": "5g-user", 
"link-interface-id-13vpn": "0/0/0/5", 
"bandwidth-kbps-13vpn”: 1000000, 
"link-vlan-id-13vpn": 502, 

"link-ipv4-address-13vpn": "1.5.2.1", 
"Iink-ipv4-mask-l3vpn": 24 

} 




Status: 204 No Content 

Time: 13521 ms 

0 Q 

Save Response 







Patch > vpn > 5g -> add more configuration 

node-list-l3vpn a 


□ 

□ 

□ 

□ 

□ 


node-name-l3vpn 


node-!3vpn 


5g-xe2 


xe2 


5g-xr1 

5g-xr3 

5g-xr4 


ft /vpn:vpn{5g}/network-slice-l3vpn/node-list-l3vpn{5g-xr4}/ 



node-slice-l3vpn 


□ 

node-slice-name-l3vpn 

Iink-interface-id-l3vpn 

bandwidth-kbps-l3vpn 

Iink-vlan-id-l3vpn 

Iink-ipv4-address-l3vpn 

Iink-ipv4-mask-l3vpn 

routing-protocol-to-ce 

□ 

5g-control 

0 / 0 / 0/4 

1000000 

501 

4.5.1.1 

24 

connected 

□ 

5g-user 

0 / 0 / 0/4 

1000000 

502 

4.5.2.1 

24 

connected 


@@o 























POST > new vpn > autocar 


► Post-Service L3VPN autocar copy 


POST v 


http://192.168.56.200:8080/api/config/ 


Params 


Send 



Authorization Headers (2) Body* Pre-request Script Tests 


Code 


form-data x-www-form-urlencoded • raw • binary Text v 


1 

2 

3 

4 

5 

6 
7 
S 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 
21 


{ 

"vpn:vpn": [ 

{ 

"name": "autocar", 

"service-type": "network-slice-lBvpn 11 j 
"network-slice-13vpn": { 

"network-slice-id-13vpn": 100^ 

"node-list-13vpn": [ 

{ 

"node-name-13vpn": "autocar-1", 
"node-13vpn": "xrl", 

"node-slice-13vpn": [ 

{ 

"node-slice-name-i3vpn": T, bmw", 
"link-interface-id-I3vpn": "0/0/0/S", 
"bandwidth-kbps-13vpn": 1000000, 
"link-vlan-id-13vpn": 101, 
"link-ipv4-address-13vpn": "5.1.1.1", 
"link-ipv4-mask-13vpn": 24 

}, 

{ 



Status: 201 Created 

Time: 17820 ms 

0 Q | 

Save Response 






























Delete > VPN 


► Delete-Service L3VPN autocar 

DELETE v http://192.168.56.2Q0:8Q80/api/config/vpn/autocar 


Examples (0) 


Params 


Send 


Save 


Status: 204 No Content Time: 13521 ms 
0 Q Save Response 







Partner SDN Lab Demo Presentation 




Partner SDN Lab Demo Presentation 


Partner Office 

12-16 Aug 2019 


Partner Enablement Project 

Build and Demonstrate and 
Train to Other 

Description 

Partner Lab 

XR&XE 

virtual or/and physical Router 

Topology 

Customer Topology 

CE-PE-P-IGW 

Transport 

Customer Transport 

OSPF/ISIS - LDP Migration - SR - SR Policy 

Service 

Customer VPN Service Type 

L2VPN - L3VPN 

Orchestration 

NSO 

Transport & Service Automation 


Please draft Partner SDN Lab Demo Agenda slide 

1. Customer Topology on Partner Lab 

2. Customer Existing Network Service and Transport Technology 

3. Customer Existing Challenges 

4. Solution Value Proposal 

5. Solution Demonstration on Partner Lab 











• 111 • 111 • 
CISCO 


THANK YOU 











